Some Malwarebytes Nebula actions may be performed by command line to help with custom scripting or automation by software deployment and remote monitoring and management (RMM) tools.
The Endpoint Agent Command-line tool, EACmd, is a Windows™ application created to communicate with the Endpoint Agent service. This article covers suggested methods of using EACmd in your scripts or deployment methods.
EACmd works with the Endpoint Agent using the same communication method as the Endpoint Agent Tray program. EACmd is located on each Windows endpoint at C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe.
|--loglevel=VALUE||The level of logging to set the service. Valid values are Debug and Info.|
|-d, --diag||Collect a diagnostic log for the Endpoint Agent service.|
|--debug||Set the level of logging to debug for the program.|
|--refreshagentinfo||Update the agent information for the endpoint. This will immediately post the information to the cloud console.|
|--updateprotection||Manually updates protection service.|
|--updatesoftware||Manually checks for software and definitions update and if one exists, it is downloaded then installed (or paused) based on policy settings. For Patch Management customers, this command also updates supported third-party applications.|
|--versions||Displays version information for all Endpoint Agent components and plugins.|
|--runpendingsoftwareupdate||Manually checks for pending software updates and if one exists, it is installed regardless of policy settings.|
|-h, --help||Display a usage message for the EACmd program with all of the options.|
|--syncnow||Forces a sync with the Nebula cloud platform.|
|--testconnections||Tests connection to Malwarebytes servers.|
|--certcheck=VALUE||Check if file passes signature check.|
|--getmachineids||Displays the current Account ID, Machine ID, and Nebula Machine ID of the endpoint.|
|--verifyaccounttoken=VALUE||Checks if the supplied account token matches the currently stored account token.|
|--changeaccounttoken=VALUE||Changes the current account token to the one within Nebula. Administrative privileges required.|
|--proxy.server=VALUE||Changes the current proxy server address. Administrative privileges required.|
|--proxy.bypassOnLocal=VALUE||Enable or disable bypass proxy. Administrative privileges required.|
|--proxy.port=VALUE||Changes the current proxy port number. Administrative privileges required.|
|--proxy.user=VALUE||Changes the current proxy username. Administrative privileges required.|
|--proxy.password=VALUE||Changes the current proxy password. Administrative privileges required.|
|--proxy.clear||Clear all proxy settings. Administrative privileges required.|
|--threatScan||Performs a Threat Scan unless Allow Users to run a threat scan is disabled in the policy.|
|--resetmachineids||Generates a new Machine ID and Nebula Machine ID.|
Check for Protection Updates via command line (Windows)
This command performs an immediate check for Protection Updates. It is identical to performing a Protection Updates check from the Endpoints screen in the console.
Scans perform this check before scanning. The Protection Updates check also ensures Real-Time Protection uses the most recent updates.
C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe --updateprotection
Check for Software Updates via command-line (Windows)
This command performs an immediate check for updates to the Malwarebytes software on the endpoint. It is identical to performing a Software Updates check from the Endpoints screen in the console.
Any manual check for Software Updates ignores the Pause Software Updates policy setting.
C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe --updatesoftware
Get Nebula Machine ID via command-line (Windows)
This command displays the current Account ID, Machine ID, and Nebula Machine ID.
C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe --getmachineids
Reset Nebula Machine ID via command-line (Windows)
This command generates a new Machine ID and Nebula Machine ID.
Use the command if the Malwarebytes Endpoint Agent software was deployed improperly using a cloned Windows OS image.
To verify these changes, run the Get Nebula Machine ID command before and after running the Reset Nebula Machine ID command.
Note: If the endpoint is a virtual machine, verify the VM hardware profile has a unique UUID and is not a duplicate or clone.
C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe --resetmachineids
Return to the Malwarebytes Nebula Administrator Guide.