Policies define OneView's behavior when running a scheduled scan, using Real-Time Protection, or monitoring Suspicious Activity. Policies are applied at the site and group level in OneView, and all endpoints in a group use the same policy. By default, endpoints added to the console belong to the Default Group, which uses the Default Policy.
Configure Endpoint agent settings
- On the left navigation menu, click Configure > Policies.
- Click the + icon or select an existing policy.
- Select the Endpoint agent tab to see the specific settings available for each operating system.
User interface options
User interface options allow you to adjust the endpoint user experience. This controls what your end users see on their machines and how they can interact with Endpoint Agent.
Options in this section are as follows:
- Show the Malwarebytes icon in the notification area: Shows the Endpoint Agent icon in the Windows taskbar or Mac menu bar.
- Display real-time protection notifications: Shows notifications on screen for any enabled Real-Time Protection options. For more information, see Real-Time Protection in Configure Protection settings in OneView.
-
Allow users to run a User Threat Scan: Allows users to run Threat Scans with all detected threats in quarantine. Users may cancel Threat Scans but can't cancel scans controlled by the console. Threat Scans run by users are listed in the Events screen as On demand scans.
- Show Malwarebytes shortcuts on Start menu and desktop to run Threat Scans: Creates shortcuts in the endpoint's Start Menu and desktop. User Threat Scan must be enabled to use this setting.
- Show Malwarebytes option in context menus: Allows users to scan files by right-clicking them. These scans share the same properties as the User Threat Scan above.
- Allow only Administrator level users to interact with the Malwarebytes Tray: Disables the Endpoint Agent Tray process from loading on standard-level user accounts. Only Administrator-level users will have access to the tray process and icon. For general end users, the icon won't display on the endpoint. This is useful for running the Endpoint Agent in a more silent manner or for a multi-user environment such as Microsoft Terminal Services.
Software updates
The Software Updates policy option in OneView allows control over when endpoints receive software updates. This option only applies to Protection Service updates; Component Package updates are always automatic.
Options in this section are as follows:
- Automatically download and install Malwarebytes application updates: Automatically downloads and installs protection service updates on endpoints.
- Pause Software Updates: Stops software updates from being applied on endpoints for up to 31 days. After 31 days, endpoints resume receiving software updates when they are released. When enabled, the policy screen shows the date and time when updates will continue.
Mobile performance
Mobile performance options control the impact of the endpoint agent on mobile devices. Options in this section are as follows:
- Use memory caching: Increase the agent's performance, but at the cost of using more memory in the background (not recommended on older devices).
Reboot settings
Reboot options control how the Endpoint Agent handles requests from the console to restart endpoints. Reboots are sometimes needed to finish malware remediation or to apply system changes after the software is updated or removed.
Options in this section are as follows:
- Automatically reboot endpoints when required: Choose if the endpoint automatically restarts as needed. If you turn this off, malware might not be entirely removed from the endpoint, and software updates might not be applied.
- Delay time before automatic reboot: The amount of time the endpoint will wait before rebooting.
- Message to display when a reboot is required: A customizable message is displayed on the endpoint when it needs to reboot.
- Allow users to postpone a reboot: Enables a popup on endpoints, which allows users to postpone a reboot by preset times of 10, 30, or 60 minutes. A user can postpone a reboot indefinitely unless the reboot delay time is reached. Subsequent popups will wait 1 minute for additional postponement; otherwise, the endpoint will reboot. If a user postpones a reboot, the Events screen shows an Audit event.
Inactive endpoints
The Inactive Endpoint Removal option in OneView allows you to remove endpoints from your OneView sites that have been inactive for a set period. When enabled in a policy, endpoints not checked in with the console within the specified time frame are automatically removed. By default, this is enabled to 90 days and can be configured between 1-365 days.
Endpoints removed due to this option automatically reappear in OneView with their historical data if they come online again. Some example scenarios are:
- Laptop devices are kept in storage and then powered on at a later date
- Desktop devices not used while employees are working remotely for an extended period but are powered on at a later date once employees return to the office
Once you enable this option in a policy, allow up to 24 hours for the OneView console to automatically remove endpoints outside your specified time frame.
Startup options
Startup Options control how services behave on your endpoints. Options in this section are as follows:
- Provide all services with additional time to initiate: Enables extra time for services to finish loading at system startup before they timeout.
- Maximum time to wait for the services to initiate: Choose a preset timeout period. You may select 1, 5, or 10 minutes. The endpoint may need more time to start if it has many services loading at startup or is running additional security software
Health monitoring
Health monitoring provides additional settings to ensure the endpoint agent is running correctly. Options in this section are as follows:
- Enable service health monitoring: Launches a secondary service on endpoints designed to monitor and restart the endpoint agent service if it goes offline or is stopped manually on the endpoint.
