Policies define how Malwarebytes behaves when running a scheduled scan, using Real-Time Protection, or monitoring Suspicious Activity. Policies are applied at the site and group level in Malwarebytes OneView, and all endpoints in a group use the same policy.
Watch this video for an overview of the Endpoint Detection and Response settings in OneView.
Endpoint Detection and Response settings
To locate the Endpoint Detection and Response settings tab in your policy:
- Log in to Malwarebytes OneView.
- On the left navigation pane, click Settings.
- Click Policies. Click the + icon or select an existing policy.
- Select the Endpoint Detection and Response tab to see the specific settings available for each operating system.
Suspicious activity monitoring
Suspicious activity monitoring is a feature included in Malwarebytes Endpoint Detection and Response. It watches for potentially malicious behavior by monitoring the processes, registry, file system, and network activity on the endpoint. Suspicious activity monitoring uses machine learning models and cloud-based analysis to detect when questionable activity occurs.
For more information, see Configure Suspicious activity monitoring in Nebula.
Ransomware Rollback
Ransomware Rollback is a Malwarebytes Endpoint Detection and Response feature that remediates damage done to your Windows endpoints by ransomware. Ransomware Rollback uses a special restore process to reverse damage done by threats. Together with our Malware Removal Engine, the rollback cache allows the Endpoint Agent to restore files removed or encrypted by malware.
NOTICE - Suspicious activity monitoring must be enabled to allow rollback on workstations. On servers, both Suspicious activity monitoring and Suspicious activity monitoring on servers must be enabled to allow rollback.
For more information, see Configure Ransomware Rollback in Nebula.
Watch this video for an overview of Ransomware Rollback in OneView.
Endpoint isolation
Malwarebytes Endpoint Detection and Response includes Endpoint Isolation, which temporarily stops threats from spreading between endpoints by restricting their communication or access. An isolated endpoint can still communicate with the console and run Malwarebytes processes.
For more information, see Configure Endpoint Isolation in Nebula.
Active Response Shell
Active Response Shell provides the ability to investigate attacks, collect forensic data, and remediate detections on remote endpoints. Authorized Global Administrators can securely access their endpoints remotely with OneView.
For more information, see: