Jamf Nation Community

I created a package that contains

/Applications/Malwarebytes.app 
 /Library/LaunchDaemons/com.malwarebytes.MBAMHelperTool.plist
/Library/PrivilegedHelperTools/com.malwarebytes.MBAMHelperTool

and in the policy: Files and Processes > Execute Command:

 launchctl load -w /Library/LaunchDaemons/com.malwarebytes.MBAMHelperTool.plist

BTW, a really good (and FREE) tool that puts a wonderful GUI on launchctl is LaunchControl . Lingon used to be the good one but LaunchControl blew it out of the water in my opinion. I used to be intimidated of doing anything with launch agents and daemons until I found that app.

Awesome, thanks for your help Clint!

Just for clarification, you only need the launchctl to launch the process that first time because on the next restart of the computer it will launch itself?

On the other hand, some of our users go a really long time without a restart so the launchctl command is probably a good idea!

I would assume so. This is my first exposure to these PrivilegedHelperTools. Generally speaking, once you "load" an agent or daemon, the plist determines exactly when it is supposed to run. Some are set to keep alive and always run, some are set to run every few hours, and it looks like this one for Malwarebytes is set to run when it is called upon. I dunno. I'm just guessing because this one is a little different from others I've had to work with.

Now that's not to say that the process won't ever crash. Sometimes if it crashes, the launchdaemon won't start up again until you restart the computer.

The 1.2.4 update changes the names of the LaunchDaemon and PrivilegedHelperTool files.
OLD:

 /Library/LaunchDaemons/com.malwarebytes.MBAMHelperTool.plist
/Library/PrivilegedHelperTools/com.malwarebytes.MBAMHelperTool

NEW:

 /Library/LaunchDaemons/com.malwarebytes.HelperTool.plist
/Library/PrivilegedHelperTools/com.malwarebytes.HelperTool

So this means the command you'd have to run to activate the LaunchDaemon is:

launchctl load -w /Library/LaunchDaemons/com.malwarebytes.HelperTool.plist

@AVmcclint Thx for sharing this, working on deploying this to Self Service as well. Have you figured out a way to keep the signatures up to date on this or does the user have to initiate the check of "Update Signatures" from the menu bar?

I have not. I just rely on the app to check for signatures at launch or manually checking from the menu bar. I have been told that if you pay for the business version of MalwareBytes, there is a command line component to it for applying updates and even running scans (like if you were using ARD or ssh'd to a Mac). However, I was unable to get the malwarebytes folks to give me a straight answer on the cost. I couldn't get a straight answer out of them for anything, in fact. I can only assume if you want to do anything with the app that is NOT in the GUI, you'll have to pay big bucks.

In theory, shouldn't you be able to script the user update action via AppleScript?

It's very crude, but:

tell application "/Applications/Malwarebytes Anti-Malware.app"
    activate
    delay 1
    tell application "System Events" to tell process "Malwarebytes Anti-Malware" to set visible to false
    delay 30 --set this to whatever. This is when the updating happens.
    quit
end tell

Only if the app itself has Applescript dictionaries built into it (right?). I just launched the Applescript editor and did File > Open Dictionary... Malwarebytes did not appear in the list. It also does not seem to include Automator support either.

Hey @AVmcclint I posted an example that crudely works. I don't believe for this purpose you need to have an App that is "scriptable." With AppleScript (in my extremely limited knowledge) this is all just objects on the screen. I didn't get into scripting the menu actions of "Scanner" and "Scan" but it seems plausible.

With the above script, this opens the app, waits a second, hides it, and then waits however long you want while it's updating definitions (couldn't find a way to force, but every time it opened, it scanned) then quits. The hiding bit is very inconsistent, though. Maybe an AppleScripter with actual knowledge could help :-)

Thanks, @AVmcclint. I just built a package and policy using your guidance, and deployed it to my test Mac. It worked properly on my first try.

Has anyone verified that this is working for them for Malwarebytes 3.0.1 ?

I haven't tried the new version yet. At first glance it looks to be a very different app because now it has a trial period for certain components.

I just used the Malwarebytes pkg (version 3.0) and it worked perfectly. I installed it on one of our work machines via Casper Remote and it worked without an issue. Just dragged and dropped the pkg into admin.

Malwarebytes uninstall script anything is available?