Question

Deploying Malwarebytes Endpoint Agent

4 years ago
January 22, 2021
13 replies
12 views

timbrownell
New Contributor
2 replies

After a LOT of head banging, I finally am able to deploy Malwarebytes Endpoint Agent to computers via JAMF. I wanted to share to help others who may be looking for assistance. Please feel free to tweak any of this as there may be better ways, but this worked for me.

FYI … this is the deployment method that worked for me in JAMF

1) Log in to the Malwarebytes Nebula platform.
2) Go to Downloads.
3) In the Mac section, click Download to download the Mac Endpoint Installer to your local device.
4) For JAMF the brackets [ ] are incompatible, replace the PKG filename brackets to an underscore enclosing the account token.

File name downloaded Setup.MBEndpointAgent[xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx]_.pkg

New file name Setup.MBEndpointAgent__xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx__.pkg*

5) Upload the renamed package to JAMF
6) Upload & Scope “Malwarebytes KEXT Whitelist”
7) Upload & Scope “Privacy Settings Whitelist - Malwarebytes Protection”
8) Create script to register the installation with Nebula

#!/bin/sh 
cd /Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent/EndpointAgentDaemon.app/Contents/MacOS/
sudo ./EndpointAgentDaemon ACCOUNTTOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
sudo launchctl stop com.malwarebytes.agent.daemon
sudo launchctl start com.malwarebytes.agent.daemon
exit

9) Create & Scope a Policy to Install the package & run the script (set script to run AFTER)
10) Deploy

+26

jhalvorson
Honored Contributor
457 replies
4 years ago
January 22, 2021

Thanks for posting. I believe you'll want to remove the "sudo"s from the script for best results, since it will run as a Jamf policy.

pinsent
Contributor
22 replies
4 years ago
March 4, 2021

Not exactly sure why but I'm getting an exit code of 139 using this script

mani2care
Contributor
82 replies
4 years ago
March 24, 2021

Malwarebytes uninstall script anything is available?

Trinity_Avatar
New Contributor
3 replies
3 years ago
July 24, 2022

Thanks for posting!

Where do you get the below info?

EndpointAgentDaemon ACCOUNTTOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Thanks!

Trinity_Avatar
New Contributor
3 replies
3 years ago
July 24, 2022

Specifically, where do you get the "accounttoken"?

chelm
Contributor
32 replies
2 years ago
November 9, 2022

Trinity_Avatar wrote:

Specifically, where do you get the "accounttoken"?

The account token is in the filename. It is all the "x"'s

smpatel
New Contributor
8 replies
2 years ago
June 27, 2023

Hey @timbrownell ,

Thank you for these details and it works for me.

But did you set up the extension attribute as well?

If yes then can you please share a script of that?

timbrownell
Author
New Contributor
2 replies
2 years ago
June 27, 2023

@smpatel

if you are looking for a config profile I am still using this one: https://service.malwarebytes.com/hc/en-us/article_attachments/4413803553043/Malwarebytes_Protection_profile_10_15.mobileconfig

smpatel
New Contributor
8 replies
2 years ago
June 27, 2023

I am looking for an extension attribute script. so through extension attributes, we can see the Marwalebytes are in the system and active or deactivate.

Attaching a screenshot for idea. we used ESET Endpoint before and now start using Marwalebytes.

timbrownell
Author
New Contributor
2 replies
2 years ago
June 27, 2023

smpatel wrote:

I am looking for an extension attribute script. so through extension attributes, we can see the Marwalebytes are in the system and active or deactivate.

Attaching a screenshot for idea. we used ESET Endpoint before and now start using Marwalebytes.

No I do not have that. Once installed I manage via the Nebula dashboard.

smpatel
New Contributor
8 replies
2 years ago
June 27, 2023

timbrownell wrote:

No I do not have that. Once installed I manage via the Nebula dashboard.

I see, Thank you.

chelm
Contributor
32 replies
2 years ago
June 27, 2023

@smpatel We use 2 EA's, one for installed and the other for running. They are really simple, so I am not sure this is what you are looking for or not.

#!/bin/zsh

###############################################################################################
#
# Script Name:  MalwareBytes Extension Attributes
# Date:			05/02/2023
# Purpose:		Simple script to check if the MalwareBytes is installed
#	
# Target: 		All computers
# Written by:	chelm
#
###############################################################################################

MBApp="/Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent/UserAgent.app"

if [[ -d $MBApp ]]; then
    echo "<result>Pass (Installed)</result>"
else        
    echo "<result>Fail (Not Installed)</result>"    
fi

exit

#!/bin/zsh

###############################################################################################
#
# Script Name:  MalwareBytes Extension Attributes
# Date:			05/02/2023
# Purpose:		Simple script to check if the MalwareBytes process is running
#	
# Target: 		All computers
# Written by:	chelm
#
###############################################################################################

PROCESS='UserAgent'
number=$(ps aux | grep -v grep | grep -ci $PROCESS)

if [[ $number -gt 0 ]]; then
    echo "<result>Pass (Running)</result>"
else        
    echo "<result>Fail (Not Running)</result>"    
fi

exit

Does that help?

smpatel
New Contributor
8 replies
1 year ago
August 24, 2023

@chelm Thanks, It works for me to see in the extension Attribute.

Sorry for the replying delay.

Reply

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

Reply

Related topics

Package Malwarebytes Endpoint Agenticon

MacOS Fulldisk accessicon

Covalence from Field Effet won't take the licence that is pushicon

Uninstalling Malwarebytes endpointicon

Deploying Malwarebytes for Mac 1.1.3.72icon

Most helpful members this week

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings