Package Malwarebytes Endpoint Agent

I haven't looked into this specific case, but you might be able to create a "package in a package." Using your preferred package creation tool, create an installer that places the Malwarebytes .pkg file into someplace like /tmp. Then, add a postinstall script to the package that installs the Malwarebytes .pkg.

I've never had any trouble uploading or deploying Malwarebytes packages generated from AutoPkgr.

As always, test before deployment.

@pete_c Are you referring to the consumer Malwarebytes, or the managed Malwarebytes Cloud client? I wouldn't think you'd be able to do a Autopkg recipe for the managed client.

@dwaterbury Good afternoon i am also trying to get this application running in our environment at the moment if you dont mind me asking how did you setup your configuration profile to bypass the KEXT for the app. So that the requirement to have user click allow is not a need?

@dwaterbury I sent the same question in to Malwarebytes support. We just pulled the trigger to get started so we can deploy this out. The way I'm intending to get around this in Jamf is by hosting the file and creating a shell script to curl it down.

@bjones Malwarebytes have two articles here, and here that should be helpful.

Hi Everyone. Thank you for the responses. I reached out to Malwarebytes Support to get the answer. I was able to use push it out last Friday and I started seeing computers come into their "Nebula" interface.

The Support Tech said to download the mac .pkg from them and just change the 2 brackets in the name to _
I had initially tried renaming it differently, but some sort of licensing number is within those brackets and it prevents the laptop from registering within Nebula.

Here is an example of what it looks like initially when you download it:
Setup.MBEndpointAgent_[abcdefghi-1234-5678–jklm-nopqrstuvwxy]__.pkg

Here is how it will look after you edit the name of the file:
Setup.MBEndpointAgent__abcdefghi-1234-5678–jklm-nopqrstuvwxy___.pkg

After doing this, I was able to load it into our JAMF cloud instance without a problem.
After I pushed it out, with a Restart of the computer after install, the users appeared in the Nebula interface.

I also created a Configuration Profile that Approved Kernel Extension TeamID: GVZRY6KDKR
As was instructed here.

I hope this helps everyone.

@dwaterbury are you simply removing the brackets and adding an underscore to make the pkg file work? if so how many on each end?

@dwaterbury Last time I checked, the MalwareBytes package did not correctly load the LaunchAgent it installs. So you can add this as a payload to your policy to load the LaunchAgent after the package installs, which might eliminate the need to restart:

#!/bin/bash

loggedInUser=$(/usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | /usr/bin/awk '/Name :/ && ! /loginwindow/ { print $3 }' )
loggedInUID=$(/usr/bin/id -u "$loggedInUser")
identifier="com.malwarebytes.UserAgent"
agentPlist="/Library/LaunchAgents/$identifier.plist"

# Stop the LaunchAgent if it is running
if launchctl list | grep "$identifier" &> /dev/null ; then
    /bin/launchctl asuser "$loggedInUID" /bin/launchctl unload "$agentPlist"
fi

# Load the LaunchAgent
/bin/launchctl asuser "$loggedInUID" /bin/launchctl load "$agentPlist"

exit 0

I have the policy created without the brackets and adding the underscore but it doesn't show that its being installed, I just show a pending in the logs, I seen the payload info above but can you tell me where that would go?

I also have the policy without the brackets. With JAMF, since brackets are not allowed, you'll need to replace the brackets with underscores.

(just chiming in to confirm removing the bracket on either end and replacing with _ works, you will have 2 underscores in front and 3 on the trail)

Anyone know how to make a smart group to search who has this installed and who does not? I've been banging away at a few different ways but can't seem to find it.

also this is helpful as well:
https://support.malwarebytes.com/hc/en-us/articles/360047485253-Grant-Malwarebytes-Endpoint-Agent-Full-Disk-Access-for-Mac-endpoints-using-UAMDM
config profile for Malwarebytes full disk access, which is needed

I couldn't find anything to search with so I created an Extension Attribute to check if Malwarebytes Nebula Endpoint Agent is installed or not.

#!/bin/sh
if [ -d "/Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent" ] 
then
    echo "<result>Installed</result>"
else
    echo "<result>Not Installed</result>"
fi

Malwarebytes uninstall script any thing is available?

as a follow up, if your running MB from the enterprise web version, simply deleting it from the server will force an uninstall on the end points.