When creating a base image with a Malwarebytes Endpoint Protection installation, the Malwarebytes installer should be prevented from connecting to the internet before the image is generalized by Sysprep. This may be easier to accomplish if the Malwarebytes installation is saved for the last step when configuring an image.
If the endpoint agent is allowed to reach the internet and check into Malwarebytes servers, a unique software ID will be assigned to the endpoint agent machine. As a result, any other machine spun up from this image will be a duplicate entry of the original ID accidentally assigned to your base image's Malwarebytes installation.
There are two parts to the process: create the installer, and install Malwarebytes on your base image.
Create the installer
Before you create the image, you need to select an installer package. There are 2 types of packages to choose from:
- Full installer package: This includes needed system prerequisites.
- MSI installer: Useful If the installation's system prerequisites are already satisfied. For MSI installer requirements, see the Malwarebytes Nebula platform Administrator Guide.
- To create the installer, follow steps 1–5 in this article: Add Windows endpoints in Nebula.
- After downloading and exporting the package in step 5, return to this article and follow the install steps below.
Install Malwarebytes on your base image
- Copy the installer to your base image environment.
- Disconnect your base image environment from the network.
- Run the Malwarebytes installer.
- If you need to add proxy information, you may do so during the installation process. See Change proxy settings for Malwarebytes Endpoint Protection.
- If you prefer to script environment setup tasks, proxy information can be set with switches when using the MSI-based installer.
- If you require a network connection to complete other tasks before Sysprep, stop the agent service to avoid automatic ID assignment:
- Open services.msc.
- Right-click on the Malwarebytes Endpoint Agent service and select Stop.
- It is now safe to re-enable network connectivity for the base image machine.
- When installation is complete and the agent is on the base image machine, you may safely perform Sysprep generalization and subsequent image capture.
- When ready to deploy your new base image, be sure to test it on 2 or 3 machines first to ensure the endpoint agent does not encounter any issues.
Once the image is deployed and the endpoint user logs into Windows, the Malwarebytes Endpoint Protection agent:
- Performs a check-in.
- Receives an ID assignment.
- Downloads and installs real-time protection and scanning engine items, which are configured according to the Group and Policy settings in the Malwarebytes Nebula platform.