Malwarebytes OneView comes with a default policy configured by the console. However once a policy is modified, there is no way to easily restore the policy back to it's default configuration. To restore a policy to its default state, you must configure it manually.
This article details all default policy settings which come with a new Nebula console. To view our best practices for policy settings, see Malwarebytes Nebula best practices guide.
Table of contents:
- Endpoint agent
- Tamper protection
- Protection settings
- Scan settings
- Endpoint Detection and Response
- Brute force protection
- Software management
The following displays the default status for each policy option and operating system:
- ✓ Policy option is enabled.
- -- Policy option is disabled.
- X Policy option is unavailable.
Endpoint agent
For more information on each policy setting, see Configure Endpoint agent settings in OneView.
| Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
| Show the Malwarebytes icon in the notification area | ✓ | ✓ | X | X | X | X |
| Display real-time protection notifications | ✓ | ✓ | X | X | X | X |
| Allow users to run a Threat Scan (all threats will be quarantined automatically) | ✓ | ✓ | X | X | X | X |
| Show Malwarebytes shortcuts on Start menu and desktop to run Threat Scans | -- | X | X | X | X | X |
| Show Malwarebytes option in context menus | ✓ | X | X | X | X | X |
| Allow only Administrator level users to interact with the Malwarebytes Tray | -- | X | X | X | X | X |
| Automatically download and install Malwarebytes application updates | ✓ | ✓ | X | X | X | X |
| Pause endpoint agent updates | -- | X | X | X | X | X |
| Automatically reboot endpoints when required | -- | -- | X | X | X | X |
| Use memory caching | X | X | X | ✓ | ✓ | X |
| Allow users to postpone a reboot | ✓ | ✓ | X | X | X | X |
| Automatically remove endpoints not seen in 90 days | ✓ | ✓ | ✓ | X | X | X |
| Provide all services with additional time to initiate | ✓ | X | X | X | X | X |
| Enable service health monitoring | -- | X | X | X | X | X |
Tamper protection
For more information on each policy setting, see Configure Tamper protection options in OneView.
| Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
| Uninstall Protection | ✓ | ✓ | X | X | X | X |
| Service and Process Protection | ✓ | X | X | X | X | X |
Protection settings
For more information on each policy setting, see Configure Protection settings in OneView.
| Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
| Web protection | ✓ | X | X | X | X | ✓ |
| Exploit protection | ✓ | X | X | X | X | x |
| Block potentially malicious email attachments (Outlook desktop only) | ✓ | X | X | X | X | X |
| Malware protection | ✓ | ✓ | ✓ | X | X | |
| Behavior protection | ✓ | X | X | ✓ | ✓ | X |
| Block untrusted applications | X | ✓ | X | X | X | X |
| Ad block | X | X | X | X | X | ✓ |
| Self-Protection (Requires Real-time protection to be enabled) | ✓ | X | X | X | X | X |
| Boot Process | -- | X | X | X | X | X |
| Device Control (Set to Allow full access to the device) | ✓ | X | X | X | X | X |
|
Check for protection software updates (1 Hour) |
✓ | X | X | X | X | X |
| Protection updates delay (No delay) | ✓ | X | X | X | X | X |
| Delay real-time protection when Malwarebytes starts for (15 seconds) | -- | X | X | X | X | X |
| Windows Action Center (Let Malwarebytes apply the best Windows Action Center settings) | -- | X | X | X | X | X |
| Allow protection updates over expensive networks | X | X | X | -- | -- | -- |
Scan settings
For more information on each policy setting, see Configure Scan settings in OneView.
| Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
| Scan the contents of compressed folders (e.g. .zip, .rar. etc.) | ✓ | X | X | X | X | X |
| Detect signature-less anomalous files | ✓ | X | X | X | X | X |
| Scan for rootkits on the endpoints | -- | ✓ | X | X | X | X |
| Treat potentially unwanted programs (PUPs) as malware | ✓ | ✓ | X | X | X | X |
| Treat potentially unwanted modifications (PUMs) as malware | ✓ | X | X | X | X | X |
| Use deep scanner during a full scan | x | x | x | ✓ | ✓ | X |
| Use power saver during scans | x | x | x | ✓ | X | X |
| Perform scans only while charging | x | x | x | -- | -- | X |
| Scan automatically after reboot | x | x | x | ✓ | ✓ | X |
| Scan automatically after update | x | x | x | ✓ | ✓ | X |
| Select how endpoints should prioritize scans vs system performance (Low Priority: Better multi-tasking response) | ✓ | X | X | X | X | X |
| Select maximum allocation of CPU resources for scans (Low 25%) | -- | ✓ | X | X | X | X |
Endpoint Detection and Response
For more information on each policy setting, see Configure Endpoint Detection and Response options in OneView.
| Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
| Suspicious activity monitoring | ✓ | ✓ | ✓ | X | X | X |
| Enable server operating system monitoring for suspicious activity | ✓ | X | ✓ | X | X | X |
| Enables a very aggressive detection mode | -- | X | X | X | X | X |
| Collect networking events to include in searching | ✓ | X | X | X | X | X |
| Flight Recorder Search | ✓ | ✓ | ✓ | X | X | X |
| Ransomware Rollback | ✓ | X | X | X | X | X |
| Rollback timeframe (72 Hours) | ✓ | X | X | X | X | X |
| Rollback free disk space quota (30%) | ✓ | X | X | X | X | X |
| Workstation rollback filesize (20 MB) | ✓ | X | X | X | X | X |
| Server rollback filesize (100 MB) | ✓ | X | X | X | X | X |
| Enable endpoint isolation to allow locking/unlocking of endpoints | ✓ | ✓ | ✓ | X | X | X |
| Active Response Shell | ✓ | X | X | X | X | X |
| Enable secure connections using certificate pinning | ✓ | X | X | X | X | X |
Brute force protection
For more information on each policy setting, see Configure Brute Force Protection in OneView.
| Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
| RDP (Port Blank) | ✓ | X | X | X | X | X |
| FTP (Port 21) | -- | X | X | X | X | X |
| IMAP (Port 143/9993) | -- | X | X | X | X | X |
| MSSQL (Port 1433) | -- | X | X | X | X | X |
| POP3 (Port 110/995) | -- | X | X | X | X | X |
| SMTP (Port 25/465/587/2525) | -- | X | X | X | X | X |
| Prevent private network connections from being blocked | -- | X | X | X | X | X |
Software management
For more information on each policy setting, see Configure Software management in OneView.
| Policy Option | Windows | Mac | Linux | Android | ChromeOS | iOS |
| Allow scanning for known vulnerabilities in installed software (Vulnerability Assessment) | ✓ | -- | X | X | X | X |
|
Allow updating software inventory and applying available OS patches for endpoints (Patch Management) |
✓ | X | X | X | X | X |
|
Allow blocking chosen executables from running |
✓ | X | X | X | X | X |
| Connected storage device (USB storage, etc.) | ✓ | ✓ | ✓ | X | X | X |
| Physical and virtual memory of the endpoints | ✓ | ✓ | ✓ | X | X | X |
| Installed startup programs on the endpoints | ✓ | ✓ | ✓ | X | X | X |
| Installed software on the endpoints | ✓ | ✓ | ✓ | X | X | X |
| Software updates installed on the endpoints | ✓ | ✓ | ✓ | X | X | X |