Skip to main content

Perform actions on endpoints in Nebula

Use the Nebula console to quickly and easily perform actions across thousands of endpoints with just a few clicks. This article explains the actions available to you.

Actions are performed from the Endpoints screen.

  1. On the left navigation pane, go to Manage > Endpoints.
  2. Select endpoints.
  3. In the top right, click Actions.
  4. Select one of the actions from the drop-down menu:
    • Scan + Report: Tells the endpoint to check for protection updates, then run a Threat Scan and report the results. Any detected threats are not removed.
    • Scan + Quarantine: Tells the endpoint to check for protection updates, then run a Threat Scan. Any detected threats are quarantined and scan results are reported.
    • Remediate Endpoint(s): Remediates found threats on an endpoint. A restart may be needed to complete remediation.
    • Restart Endpoint(s): Reboot the selected endpoint(s).
      • Allow user to postpone: Enables a popup on endpoints, which allows users to postpone a reboot by 10, 30, or 60 minutes. A user can continue to postpone the reboot indefinitely unless the reboot delay time is reached. Subsequent popups will wait for 1 minute for additional postponement otherwise the endpoint will reboot. If a user postpones a reboot, an Audit event is logged on the Events page.
    • Isolate Endpoint(s): Isolates the endpoint from the network to prevent an active threat from spreading. The console continues to communicate with the endpoint. This feature requires Malwarebytes Endpoint Detection and Response.
    • Remove Isolation: Restores access to the endpoint if it is isolated. This feature requires Malwarebytes Endpoint Detection and Response.
    • Launch Active Response Shell: Launches the Active Response Shell remote session on selected endpoints. For more information, see Active Response Shell in Nebula.
    • Refresh Assets: Updates hardware and software asset information for the endpoint. For more information on asset updates, see Overview of Software management settings in Nebula.
    • Check for Protection Updates: Tells the endpoint to perform an immediate check for Protection Updates. While scans also do this, selecting this action makes sure that Real-time Protection uses the most recent updates. For more information, see Protection Updates settings in Nebula.
    • Check for Agent Updates: Tells the endpoint to perform an immediate check for Malwarebytes Agent Updates. If an update is available, a status indicator displays and an Update Agent action must be issued to initiate the update. 
    • Update Agent: Tells the endpoint to install the latest Malwarebytes software. A restart may be needed to complete the installation. IMPORTANT: Reboots are handled as configured via your policy Reboot Options.
    • Generate Diagnostic Logs: Tells the online endpoint to send diagnostic logs to Nebula. When the task completes, the Diagnostic Logs Available icon 2021-01-04_11-36-33.png displays on the Endpoint Details page in the top-right corner. Hover your cursor over this icon for the option to download the logs.
    • Move: Moves the endpoint to a different selected group within Nebula. For more information, see Manage groups in Nebula.
    • Delete: Deletes the endpoint from the Nebula console. For more information, see Uninstall endpoints in Nebula.

When you select an action from the Actions menu, the Malwarebytes console tells the selected endpoints to perform that action as soon as possible. The amount of time needed for an endpoint to perform an action can vary. Endpoint response time depends on the type of action and how quickly the endpoint can process the action request.

 

Return to the Nebula Administrator Guide.

Related articles