Help

Deploying Malwarebytes Endpoint Agent

timbrownell
New Contributor II

Posted on ‎01-22-2021 08:43 AM

After a LOT of head banging, I finally am able to deploy Malwarebytes Endpoint Agent to computers via JAMF. I wanted to share to help others who may be looking for assistance. Please feel free to tweak any of this as there may be better ways, but this worked for me.

FYI … this is the deployment method that worked for me in JAMF

1) Log in to the Malwarebytes Nebula platform.
2) Go to Downloads.
3) In the Mac section, click Download to download the Mac Endpoint Installer to your local device.
4) For JAMF the brackets [ ] are incompatible, replace the PKG filename brackets to an underscore enclosing the account token.

File name downloaded Setup.MBEndpointAgent[xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx]_.pkg

New file name Setup.MBEndpointAgent__xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx__.pkg*

5) Upload the renamed package to JAMF
6) Upload & Scope “Malwarebytes KEXT Whitelist
7) Upload & Scope “Privacy Settings Whitelist - Malwarebytes Protection
8) Create script to register the installation with Nebula

#!/bin/sh 
cd /Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent/EndpointAgentDaemon.app/Contents/MacOS/
sudo ./EndpointAgentDaemon ACCOUNTTOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
sudo launchctl stop com.malwarebytes.agent.daemon
sudo launchctl start com.malwarebytes.agent.daemon
exit

9) Create & Scope a Policy to Install the package & run the script (set script to run AFTER)
10) Deploy

Reply
13 REPLIES 13

jhalvorson
Valued Contributor

Posted on ‎01-22-2021 11:56 AM

Thanks for posting. I believe you'll want to remove the "sudo"s from the script for best results, since it will run as a Jamf policy.

Reply

pinsent
New Contributor III

Posted on ‎03-04-2021 03:39 AM

Not exactly sure why but I'm getting an exit code of 139 using this script

0 Kudos
Reply

mani2care
Contributor

Posted on ‎03-24-2021 05:58 AM

Malwarebytes uninstall script anything is available?

0 Kudos
Reply

Trinity_Avatar
New Contributor II

Posted on ‎07-24-2022 12:58 PM

Thanks for posting!

Where do you get the below info?

EndpointAgentDaemon ACCOUNTTOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

 Thanks!

0 Kudos
Reply

Trinity_Avatar
New Contributor II

Posted on ‎07-24-2022 01:04 PM

Specifically, where do you get the "accounttoken"?

0 Kudos
Reply

chelm
New Contributor III
In response to Trinity_Avatar

Posted on ‎11-09-2022 02:04 PM

The account token is in the filename.  It is all the "x"'s

0 Kudos
Reply

smpatel
New Contributor II

Posted on ‎06-27-2023 09:03 AM

Hey @timbrownell ,

Thank you for these details and it works for me. 

But did you set up the extension attribute as well? 

If yes then can you please share a script of that?

0 Kudos
Reply

timbrownell
New Contributor II

Posted on ‎06-27-2023 11:46 AM

@smpatel

 

if you are looking for a config profile I am still using this one:  https://service.malwarebytes.com/hc/en-us/article_attachments/4413803553043/Malwarebytes_Protection_...

 

 

0 Kudos
Reply

smpatel
New Contributor II

Posted on ‎06-27-2023 11:59 AM

I am looking for an extension attribute script. so through extension attributes, we can see the Marwalebytes are in the system and active or deactivate. 

Attaching a screenshot for idea. we used ESET Endpoint before and now start using Marwalebytes. 

smpatel_0-1687892327309.png

 

0 Kudos
Reply

timbrownell
New Contributor II
In response to smpatel

Posted on ‎06-27-2023 12:11 PM

No I do not have that.  Once installed I manage via the Nebula dashboard.

Reply

smpatel
New Contributor II
In response to timbrownell

Posted on ‎06-27-2023 12:17 PM

I see, Thank you.

0 Kudos
Reply

chelm
New Contributor III

Posted on ‎06-27-2023 12:36 PM

@smpatel We use 2 EA's, one for installed and the other for running.  They are really simple, so I am not sure this is what you are looking for or not. 

#!/bin/zsh

###############################################################################################
#
# Script Name:  MalwareBytes Extension Attributes
# Date:			05/02/2023
# Purpose:		Simple script to check if the MalwareBytes is installed
#	
# Target: 		All computers
# Written by:	chelm
#
###############################################################################################

MBApp="/Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent/UserAgent.app"

if [[ -d $MBApp ]]; then
    echo "<result>Pass (Installed)</result>"
else        
    echo "<result>Fail (Not Installed)</result>"    
fi

exit

 

#!/bin/zsh

###############################################################################################
#
# Script Name:  MalwareBytes Extension Attributes
# Date:			05/02/2023
# Purpose:		Simple script to check if the MalwareBytes process is running
#	
# Target: 		All computers
# Written by:	chelm
#
###############################################################################################

PROCESS='UserAgent'
number=$(ps aux | grep -v grep | grep -ci $PROCESS)

if [[ $number -gt 0 ]]; then
    echo "<result>Pass (Running)</result>"
else        
    echo "<result>Fail (Not Running)</result>"    
fi

exit

Does that help?

Reply

smpatel
New Contributor II

Posted on ‎08-24-2023 07:02 AM

@chelm Thanks, It works for me to see in the extension Attribute. 

Sorry for the replying delay. 

 

0 Kudos
Reply