The Malwarebytes Support Tool command line version is used to cleanup and remove Malwarebytes business products including their files, settings, and license information. Consult with Malwarebytes support before running the support tool or try removing Malwarebytes software by using the Malwarebytes Nebula console. For more information, see Delete endpoints in Nebula.
To remove Malwarebytes software from a Windows endpoint, download the Support Tool, then run it from the Command Prompt. In the Command Prompt, you can use switches to specify how you want to remove the Malwarebytes software. A list of switches and instructions on how to use them are in this article.
Note: Before running the Malwarebytes Business Support Tool, you must:
- Disable Self-Protection Module in Malwarebytes Nebula policy settings.
- Disable Tamper Protection in Malwarebytes Nebula policy settings.
- Disable Tamper Protection in Windows Security settings if Malwarebytes is not registered in Windows Action Center.
If Tamper Protection cannot be disabled, use our Nebula Discovery & Deployment tool to remove Malwarebytes.
Download and run the Malwarebytes Business Support Tool
- Click here to download the latest version of Malwarebytes Business Support Command Line Tool and save it to the desktop.
- Open Command Prompt as an administrator.
- In the command window, type in cd C:\Users\(name of username)\desktop or cd %userprofile%\desktop
- Run the following command to clean the Malwarebytes agent when Tamper Protection is disabled:
- mbstcmd-184.108.40.206.exe /y /cleanup /noreboot /nopr /dev /epatoken "NoTamperProtection"
- Reboot manually
- Open Command Prompt as an administrator and navigate to cd C:\Users\(name of username)\desktop. Then run the following command:
- mbstcmd-220.127.116.11.exe /y /cleanup /noreboot /nopr /dev
- Reboot manually
- Verify the following directories are removed. If they are not, remove them manually:
- C:\Program Files\Malwarebytes Endpoint Agent
- C:\ProgramData\Malwarebytes Endpoint Agent
- C:\Program Files\Malwarebytes
Watch this video to run the Malwarebytes Business Support Tool:
Command line switches
Here is a list of switches you can use to execute the Malwarebytes Business Support Tool:
- Accepts the EULA. Without this command you will not be able to run the tool.
- Uninstalls all versions of Malwarebytes products it finds on the machine.
- Does not reinstall or reactivate the Malwarebytes installation.
- Generates output (mbst-clean-results.txt) to the directory where the Support Tool was run from.
- Forces a reboot to perform post-reboot cleanup.
- Forces a reboot to perform post-reboot cleanup if /noreboot is removed.
- See the example below for using the tool with the Nebula Endpoint Agent or Endpoint Security.
- Optional: Prevents unscheduled reboots after cleanup. Recommended for Servers.
- Optional: Ensures there is no post reboot cleanup.
- The Post Reboot Cleanup execution is intended to run subsequent to a reboot.
- If the /nopr switch is used prior to reboot, re-running the tool before a reboot will trigger the post-reboot operation prematurely and attempts to remove files still in use, or locked by the operating system.
- Optional: Ensures that check for support tool updates including the clean.json file are skipped during cleanup.
- If applicable, prevents the Windows error message indicating a download failure while running the cleanup tool.
- /epatoken "NoTamperProtection"
- Used when there is no token, and Tamper Protection is disabled.
- This does not reset the epatoken or disable Tamper Protection.
- Prevents the Windows error message indicating there is an illegal 16-bit app on older EPA versions.
- Full support tool command line process with switch options included:
mbstcmd-18.104.22.168.exe -y -cleanup -noreboot -nopr -dev -epatoken "NoTamperProtection" reboot manually mbstcmd-22.214.171.124.exe -y -cleanup -noreboot -nopr -dev reboot manually