NOTICE - On May 3, 2022, Windows endpoints that use Malwarebytes Incident Response were automatically updated to use Malwarebytes Endpoint Protection components.
Technical changes
Malwarebytes Incident Response was updated with the following technical changes:
- Enhanced threat detection and remediation capabilities.
- Added a persistent Malwarebytes Service (MBAMService.exe) with Real-Time Protection components disabled.
- Added the following folders containing Endpoint Protection files:
  - %ProgramFiles%\Malwarebytes Endpoint Agent\Plugins\Endpoint Protection
  - %ProgramFiles%\Malwarebytes\Anti-Malware
  - %ProgramData%\Malwarebytes\MBAMService
- Removed the following Incident Response folder:
  - %ProgramFiles%\Malwarebytes Endpoint Agent\Plugins\Incident Response
- The endpoint's quarantine folder is removed during the update process and replaced with a new quarantine folder after the update.
- The About tray window now includes Endpoint Protection, Protection Service, Component Package, Protection Update, and Protection Update Publication version information.
- The About tray window no longer includes Incident Response version information.
- During scans, a process for advanced threat detection and remediation may run:
  - "%ProgramFiles%\Malwarebytes\Anti-Malware\ig.exe"
- Running “eacmd.exe –versions” now includes Endpoint Protection, Protection Service, Component Package, Protection Update, and Protection Update Publication version information.
- Running “eacmd.exe –versions” no longer includes Incident Response version information.
- The Endpoint Details in Malwarebytes Nebula and OneView now show Endpoint Protection version information.
- The Endpoint Details in Malwarebytes Nebula and OneView no longer show Incident Response version information.
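One way to confirm on an endpoint that the changes listed above took effect, as an added example (not Malwarebytes' own tooling). The folder paths and the MBAMService.exe and ig.exe names come from this notice; the function name Test-MbEpMigration and the output shape are hypothetical, and a 64-bit PowerShell session is assumed so that %ProgramFiles% resolves as in the notice.

```powershell
# Added example: check the post-update layout described in this notice.
# Test-MbEpMigration and its output columns are hypothetical names.
function Test-MbEpMigration {
    $pf = $env:ProgramFiles   # assumption: 64-bit session, so this is not "Program Files (x86)"
    $pd = $env:ProgramData
    # Folders the notice lists as added (should exist) or removed (should not exist).
    $expected = @(
        @{ Path = Join-Path $pf 'Malwarebytes Endpoint Agent\Plugins\Endpoint Protection'; ShouldExist = $true }
        @{ Path = Join-Path $pf 'Malwarebytes\Anti-Malware'; ShouldExist = $true }
        @{ Path = Join-Path $pd 'Malwarebytes\MBAMService'; ShouldExist = $true }
        @{ Path = Join-Path $pf 'Malwarebytes Endpoint Agent\Plugins\Incident Response'; ShouldExist = $false }
    )
    $results = @(foreach ($item in $expected) {
        $exists = Test-Path -LiteralPath $item.Path -PathType Container
        [pscustomobject]@{
            Check  = if ($item.ShouldExist) { 'Folder present' } else { 'Folder removed' }
            Target = $item.Path
            Pass   = ($exists -eq $item.ShouldExist)
        }
    })

    # Locate the persistent service by its binary name instead of assuming a service name.
    $svc = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -like '*MBAMService.exe*' } |
        Select-Object -First 1
    $results += [pscustomobject]@{
        Check  = 'Service registered'
        Target = if ($svc) { "$($svc.Name) [$($svc.State), $($svc.StartMode)]" } else { 'MBAMService.exe' }
        Pass   = [bool]$svc
    }

    # ig.exe only runs during scans. If one is running, it should come from the documented path.
    # ExecutablePath is empty without sufficient privileges, which reports as a failed check.
    $igExpected = Join-Path $pf 'Malwarebytes\Anti-Malware\ig.exe'
    foreach ($p in Get-CimInstance -ClassName Win32_Process -Filter "Name = 'ig.exe'") {
        $results += [pscustomobject]@{
            Check  = 'ig.exe runs from documented path'
            Target = "PID $($p.ProcessId): $($p.ExecutablePath)"
            Pass   = ($p.ExecutablePath -eq $igExpected)
        }
    }
    $results
}

Test-MbEpMigration | Format-Table -AutoSize -Wrap
```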
Impact to the endpoint and Nebula console
Before the update occurs, restore any quarantined and non-malicious files you want to keep.
During the update process the following happens:
- The endpoint's quarantine folder is deleted and a new quarantine folder is created.
- Files are deleted from the Quarantine page.
The Detections page and the Scan History report contain historical data on detected threats, which is not deleted during this update. You'll continue to see this data in Nebula.