Skip to main content

Perform actions on endpoints in Nebula

Use the Nebula console to quickly and easily perform actions across thousands of endpoints with just a few clicks. This article explains the actions available to you.

Actions are performed from the Endpoints screen.

  1. On the left navigation pane, go to Manage > Endpoints.
  2. Select endpoints.
  3. In the top right, click Actions.
  4. Select one of the actions from the drop-down menu:
    • Scan + Report: Tells the endpoint to check for protection updates, then run a Threat Scan and report the results. Any detected threats are not removed.
    • Scan + Quarantine: Tells the endpoint to check for protection updates, then run a Threat Scan. Any detected threats are quarantined and scan results are reported.
    • Remediate Endpoint(s): Remediates found threats on an endpoint. A restart may be needed to complete remediation.
    • Restart Endpoint(s): Restarts endpoints individually or in bulk. You can perform this action after threat remediation, installation of new software, software update, or an overlap of the three. You can also restart Endpoints that do not have the status Restart Required.
    • Isolate Endpoint(s): Isolates the endpoint from the network to prevent an active threat from spreading. The console continues to communicate with the endpoint. This feature requires Malwarebytes Endpoint Detection and Response.
    • Remove Isolation: Restores access to the endpoint if it is isolated. This feature requires Malwarebytes Endpoint Detection and Response.
    • Launch Active Response Shell: Launches the Active Response Shell remote session on selected endpoints. For more information, see Active Response Shell in Nebula.
    • Refresh Assets: Updates hardware and software asset information for the endpoint. For more information on asset updates, see Configure Software management in Nebula.
    • Check for Protection Updates: Tells the endpoint to perform an immediate check for Protection Updates. While scans also do this, selecting this action makes sure that Real-time Protection uses the most recent updates. For more information, see Malwarebytes Endpoint Protection settings for Protection Updates.
    • Check for Agent Updates: Tells the endpoint to perform an immediate check for Malwarebytes Agent Updates. If an update is available, a status indicator displays and an Update Agent action must be issued to initiate the update. 
    • Update Agent: Tells the endpoint to install the latest Malwarebytes software. A restart may be needed to complete the installation. IMPORTANT: Reboots are handled as configured via your policy Reboot Options.
    • Generate Diagnostic Logs: Tells the online endpoint to send diagnostic logs to Nebula. When the task completes, the Diagnostic Logs Available icon 2021-01-04_11-36-33.png displays on the Endpoint Details page in the top-right corner. Hover your cursor over this icon for the option to download the logs.
    • Move: Moves the endpoint to a different selected group within Nebula. For more information, see Manage groups in Nebula.
    • Delete: Deletes the endpoint from the Nebula console. For more information, see Delete endpoints in Nebula.

When you select an action from the Actions menu, the Malwarebytes console tells the selected endpoints to perform that action as soon as possible. The amount of time needed for an endpoint to perform an action can vary. Endpoint response time depends on the type of action and how quickly the endpoint can process the action request.

 

Return to the Malwarebytes Nebula Administrator Guide.

Related articles