Suspicious Activity Monitoring is a feature included in Malwarebytes Endpoint Detection and Response (EDR). It watches for potentially malicious behavior by monitoring the processes, registry, file system, and network activity on endpoints. Suspicious Activity Monitoring uses machine learning models and cloud-based analysis to detect when questionable activity occurs.
Detections are highlighted for your review on the Suspicious Activity page. Not every detected activity is guaranteed to be malicious; some detections are triggered by benign operations on the system.
The Suspicious Activity screen gives context for each detection to help determine whether the activity is truly malicious. Once an administrator understands what triggered the detection, they can choose to remediate the threat or close the incident as an expected behavior.
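To make the review workflow concrete, the following is an added example that is not Malwarebytes code and does not reproduce the product's machine-learning or cloud analysis. It models what the text describes: events from the process, registry, file system and network monitors are turned into detections that carry context, an administrator reviews each one, and a detection is either remediated or closed as expected behaviour, which stops the same behaviour on that endpoint from being raised again. The event schema, rule names and thresholds are assumptions made for this example, and the sample events are constructed.

```python
"""Illustrative triage model for EDR Suspicious Activity detections.

Added example, not Malwarebytes code. Three simple behavioural rules stand in
for the product's analysis so the review workflow can be shown end to end.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Assumed names and thresholds for this example only.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "cmd.exe"}
AUTORUN_KEY_FRAGMENT = "\\currentversion\\run"
MASS_RENAME_THRESHOLD = 500


@dataclass
class Detection:
    endpoint: str
    source: str           # process | registry | filesystem | network
    process: str
    rule: str
    context: str          # what an administrator sees when reviewing
    status: str = "open"  # open | remediated | closed_expected


def detect(event: Dict) -> Optional[Detection]:
    """Map one raw endpoint event to a detection, or None if it looks normal."""
    src = event["source"]
    if (src == "process" and event.get("parent") in OFFICE_APPS
            and event["process"] in SCRIPT_HOSTS):
        rule = "office-app-launched-script-host"
        context = f"{event['parent']} started {event['process']}"
    elif src == "registry" and AUTORUN_KEY_FRAGMENT in event["key"].lower():
        rule = "autorun-key-modified"
        context = f"{event['process']} wrote {event['key']}"
    elif src == "filesystem" and event.get("renamed", 0) >= MASS_RENAME_THRESHOLD:
        rule = "mass-file-rename"
        context = (f"{event['process']} renamed {event['renamed']} files "
                   f"in {event['window_s']}s")
    else:
        return None
    return Detection(event["endpoint"], src, event["process"], rule, context)


class SuspiciousActivityQueue:
    """The review queue behind a Suspicious Activity page, in miniature."""

    def __init__(self) -> None:
        self.detections: List[Detection] = []
        # (endpoint, process, rule) triples an administrator closed as expected.
        self.expected: Set[Tuple[str, str, str]] = set()

    def ingest(self, event: Dict) -> Optional[Detection]:
        det = detect(event)
        if det is None or (det.endpoint, det.process, det.rule) in self.expected:
            return None
        self.detections.append(det)
        return det

    def remediate(self, det: Detection) -> None:
        det.status = "remediated"

    def close_as_expected(self, det: Detection) -> None:
        """Administrator judged the behaviour benign; suppress repeats."""
        det.status = "closed_expected"
        self.expected.add((det.endpoint, det.process, det.rule))

    def open_detections(self) -> List[Detection]:
        return [d for d in self.detections if d.status == "open"]


# Constructed sample events (schema is an assumption for this example).
SAMPLE_EVENTS = [
    {"source": "process", "endpoint": "ws-01", "parent": "winword.exe",
     "process": "powershell.exe"},
    {"source": "registry", "endpoint": "ws-01", "process": "setup.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"source": "filesystem", "endpoint": "srv-02", "process": "backup.exe",
     "renamed": 2000, "window_s": 30},
    {"source": "network", "endpoint": "ws-03", "process": "chrome.exe",
     "dest": "cdn.example:443"},
]


def run_triage() -> SuspiciousActivityQueue:
    """Ingest the samples, then act on them the way an administrator would."""
    queue = SuspiciousActivityQueue()
    for ev in SAMPLE_EVENTS:
        queue.ingest(ev)
    for det in queue.open_detections():
        if det.rule == "mass-file-rename" and det.process == "backup.exe":
            queue.close_as_expected(det)  # a scheduled backup job, not ransomware
        else:
            queue.remediate(det)
    # The same backup run the next day no longer lands on the review page.
    queue.ingest(SAMPLE_EVENTS[2])
    return queue


if __name__ == "__main__":
    for d in run_triage().detections:
        print(f"[{d.status}] {d.endpoint} {d.source}: {d.context}")
```

The benign network event never becomes a detection, the backup job's mass rename is raised once and then suppressed after being closed as expected, and the two remaining detections are remediated; the context string is the piece an administrator relies on to make that call.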
Feature requirements
- Sites assigned with a Malwarebytes Endpoint Detection and Response subscription.
- Suspicious Activity Monitoring enabled in the Endpoint Detection and Response section of the policy settings.
- For optimal performance, 1.1 Mbps of network bandwidth for every 100 endpoints that use Suspicious Activity Monitoring.
To enable Suspicious Activity Monitoring and manage monitored events, see:
- Configure Endpoint Detection and Response options in Malwarebytes OneView
- Manage Suspicious Activity events in Malwarebytes OneView
Return to the Malwarebytes OneView User Guide.