The Tamper protection policy option in Malwarebytes OneView protects endpoints by limiting end user ability to uninstall Malwarebytes. This also prevents malicious threats from stopping, modifying, or deleting Malwarebytes.
Watch this video for an overview of the tamper protection settings in OneView.
Tamper protection settings
To find and toggle these option's in the OneView console, click Configure > Policies > select a policy > select the Tamper protection tab.
Options in this section are as follows:
- Uninstall Protection: Stops all endpoint users from uninstalling Malwarebytes agent software or stopping the Malwarebytes service by requiring a separate password. This is enabled by default for all new and cloned policies, users who attempt to uninstall the endpoint agent cannot proceed without this password.
- Click the show password icon to view the current password.
- Click the copy icon to copy the current password when shown.
- Click Change password to modify the current password.
- Service and Process Protection (Windows only): Prevents malware from stopping, modifying, or deleting the following Windows services:
- Malwarebytes Endpoint Agent: Handles the communication between Nebula and the endpoint. Protected on Windows 10 Build 1703 and above.
- Malwarebytes Service: Protection component of Malwarebytes that blocks and removes threats. Protected on Windows 7 and above.
- Endpoint Protection or Endpoint Detection and Response are required to use both features.
- Both features do not support Windows XP endpoints.
Return to the Malwarebytes OneView User Guide.