The Malwarebytes Endpoint Agent can be monitored using Datto RMM. Creating a policy using the Malwarebytes components, administrators can monitor the Malwarebytes Windows and Mac agent services. Separate Windows and Mac policies are recommended.
Monitor endpoints
To setup monitoring:
- Log in to Datto RMM.
- From the dashboard, click Sites.
- Click the target site name.
- Click the Policies tab.
- Select New Site Policy, complete the following fields.
- Name: Custom policy name
- Type: Monitoring
- Based On: New or existing policy
- On the new policy page, click Add Target.
- Choose the Target Type. Recommended:
- Default Device Filter
- Choose or indicate the filter options and click Add. Recommended:
- All Windows Desktops & All Windows Servers
- MacOS
- Return to the new policy page, click Add a Monitor.
- From the Monitor Type dropdown, select Component Monitor.
- Click Next.
- From Run the Component monitor dropdown select an operating system component:
- Malwarebytes Monitor MacOS
- Malwarebytes Monitor Windows
- Optionally configure variables for input to the script:
- WaitTime: Wait x minutes before checking status.
- UDFNum: Update a bookmark or link in the Nebula device to the User Defined Field xx, with a specified number.
- Click Next.
- Optionally, select Run the following component to attempt to uninstall or reinstall using Malwarebytes Monitoring. From the dropdown, select an operating system component:
- Malwarebytes OneView Endpoint Agent Deployment - MacOS
- Malwarebytes OneView Endpoint Agent Deployment - Windows
- Malwarebytes OneView Endpoint Agent Deployment - Windows [SERVER]
- Optionally, select Email the following recipients and configure for selected recipients.
- Click Next.
- Configure monitoring on the Ticket Details page.
- Click Next.
- On the policy page, click Save and Push Changes.
Monitor view examples
The Malwarebytes component monitor script verifies the necessary services are running and the anti-malware rules are updated. The information is returned by updating the antivirus status file antivirus.json. For more information about this technique, see Datto Antivirus detection.
{"product":"Malwarebytes","running":true,"upToDate":true}
This status is automatically summarized by Datto for each site in a chart.
When there is an issue, a Sites/Device/Monitor alert is shown.
Viewing the details of the alert will show a Diagnostic Summary in black, describing the issue with the Malwarebytes component.
Return to the Malwarebytes OneView integration with Datto RMM guide.