Skip to main content

Monitor Malwarebytes endpoints using Datto RMM

The Malwarebytes Endpoint Agent can be monitored using Datto RMM. Creating a policy using the Malwarebytes components, administrators can monitor the Malwarebytes Windows and Mac agent services. Separate Windows and Mac policies are recommended.

Monitor endpoints

To setup monitoring: 

  1. Log in to Datto RMM
  2. From the dashboard, click Sites.
  3. Click the target site name. 
  4. Click the Policies tab. 
  5. Select New Site Policy, complete the following fields.
    • Name: Custom policy name
    • Type: Monitoring
    • Based On: New or existing policy
  6. On the new policy page, click Add Target. 
  7. Choose the Target Type. Recommended:
    • Default Device Filter
  8. Choose or indicate the filter options and click Add. Recommended:
    • All Windows Desktops & All Windows Servers
    • MacOS
  9. Return to the new policy page, click Add a Monitor. 
  10. From the Monitor Type dropdown, select Component Monitor.
  11. Click Next. 
  12. From Run the Component monitor dropdown select an operating system component:
    • Malwarebytes Monitor MacOS
    • Malwarebytes Monitor Windows
  13. Optionally configure variables for input to the script:
      • WaitTime: Wait x minutes before checking status.
      • UDFNum: Update a bookmark or link in the Nebula device to the User Defined Field xx, with a specified number.

    TIP - Monitor execution interval should be higher than optional WaitTime variable value.

  14. Click Next. 
  15. Optionally, select Run the following component to attempt to uninstall or reinstall using Malwarebytes Monitoring. From the dropdown, select an operating system component:
    • Malwarebytes OneView Endpoint Agent Deployment - MacOS
    • Malwarebytes OneView Endpoint Agent Deployment - Windows
    • Malwarebytes OneView Endpoint Agent Deployment - Windows [SERVER]
  16. Optionally, select Email the following recipients and configure for selected recipients. 
  17. Click Next. 
  18. Configure monitoring on the Ticket Details page.
  19. Click Next.
  20. On the policy page, click Save and Push Changes. 

Monitor view examples

The Malwarebytes component monitor script verifies the necessary services are running and the anti-malware rules are updated. The information is returned by updating the antivirus status file antivirus.json. For more information about this technique, see Datto Antivirus detection.

{"product":"Malwarebytes","running":true,"upToDate":true}

This status is automatically summarized by Datto for each site in a chart. 

mceclip0.png

When there is an issue, a Sites/Device/Monitor alert is shown.

mceclip1.png

Viewing the details of the alert will show a Diagnostic Summary in black, describing the issue with the Malwarebytes component.

mceclip2.png

 

Return to the Malwarebytes OneView integration with Datto RMM guide.

Related articles