Skip to main content

Monitor Malwarebytes endpoints using Datto RMM

The Malwarebytes Endpoint Agent can be monitored using Datto RMM. Creating a policy using the Malwarebytes components, administrators can monitor the Malwarebytes Windows and Mac agent services. Separate Windows and Mac policies are recommended.

Monitor endpoints - New interface

  1. Log in to Datto RMM.
  2. In the menu section, select Sites.
  3. Click All Sites and select the site name.
  4. Click Policies.
  5. Click Create Policy and complete the following fields:
    1. Name: Custom policy name
    2. Type: Monitoring
    3. Based On: New or existing policy
  6. In the Monitors section, click Add Monitor.
  7. Under Monitor Type, click Select and choose your Component.
  8. In the Alert Section, click Select a Component Monitor and choose your components:
    1. Malwarebytes Monitor v2 [MAC] for MacOS
    2. Malwarebytes Monitor v2 [WIN] for Windows
  9. Optionally configure variables for input to the script:
      1. WaitTime: Wait x minutes before checking status.
      2. UDFNum: Update a bookmark or link in the Nebula device to the User Defined Field xx, with a specified number.

    TIP - Monitor execution interval should be higher than optional WaitTime variable value.

  10. Optionally, configure alerts properties.
  11. Optionally, in the Response section toggle Run a Component and select from the following component to attempt to uninstall or reinstall:
    1. Malwarebytes OneView Endpoint Agent Deployment v2 - [MAC]
    2. Malwarebytes OneView Endpoint Agent Deployment v2 - [WIN]
    3. Malwarebytes OneView Endpoint Agent Deployment v2 - Server [WIN]
  12. Optionally, toggle Send an email and select Email the following recipients. Then configure for selected recipients.
  13. Optionally, toggle Send a Webhoook and configure webhoook properties.
  14. Click Add Monitor.
  15. In Targets section click Add Target and choose the Target Type. We recommend using Device Filter.
  16. Click Save and deploy now.

Monitor endpoints - Old interface

  1. Log in to Datto RMM
  2. From the dashboard, click Sites.
  3. Click the target site name. 
  4. Click the Policies tab. 
  5. Select New Site Policy, complete the following fields.
    • Name: Custom policy name
    • Type: Monitoring
    • Based On: New or existing policy
  6. On the new policy page, click Add Target. 
  7. Choose the Target Type. Recommended:
    • Default Device Filter
  8. Choose or indicate the filter options and click Add. Recommended:
    • All Windows Desktops & All Windows Servers
    • MacOS
  9. Return to the new policy page, click Add a Monitor. 
  10. From the Monitor Type dropdown, select Component Monitor.
  11. Click Next. 
  12. From Run the Component monitor dropdown select an operating system component:
    • Malwarebytes Monitor MacOS
    • Malwarebytes Monitor Windows
  13. Optionally configure variables for input to the script:
      • WaitTime: Wait x minutes before checking status.
      • UDFNum: Update a bookmark or link in the Nebula device to the User Defined Field xx, with a specified number.

    TIP - Monitor execution interval should be higher than optional WaitTime variable value.

  14. Click Next. 
  15. Optionally, select Run the following component to attempt to uninstall or reinstall using Malwarebytes Monitoring. From the dropdown, select an operating system component:
    • Malwarebytes OneView Endpoint Agent Deployment v2 - [MAC]
    • Malwarebytes OneView Endpoint Agent Deployment v2 - [WIN]
    • Malwarebytes OneView Endpoint Agent Deployment v2 - Server [WIN]
  16. Optionally, select Email the following recipients and configure for selected recipients. 
  17. Click Next. 
  18. Configure monitoring on the Ticket Details page.
  19. Click Next.
  20. On the policy page, click Save and Push Changes. 

Monitor view examples

The Malwarebytes component monitor script verifies the necessary services are running and the anti-malware rules are updated. The information is returned by updating the antivirus status file antivirus.json. For more information about this technique, see Datto Antivirus detection.

{"product":"Malwarebytes","running":true,"upToDate":true}

This status is automatically summarized by Datto for each site in a chart. 

Screenshot_2023-01-09_at_1.30.53_PM.png

When there is an issue, a Sites/Device/Monitor alert is shown.

Screenshot_2023-01-09_at_2.10.40_PM.png

Viewing the details of the alert will show a Diagnostic Summary in black, describing the issue with the Malwarebytes component.

Screenshot_2023-01-09_at_2.07.43_PM.png

 

Return to the Malwarebytes OneView integration with Datto RMM guide.

Related articles