Network access requirements and firewall settings for Malwarebytes Cloud Platform

Document created by drossler Employee on Jun 2, 2017Last modified by bgoddard on Dec 2, 2019
Version 23Show Document
  • View in full screen mode

For communication to flow between the Malwarebytes console and endpoints, you must adjust your firewall and software exclusions. This article lists internal network recommendations, external access requirements, and recommended exclusions. 

 

File and Printer Sharing

We recommend using Administrator shared folders to perform network tasks, such as installations. To use them, you must enable File and Printer Sharing on your endpoints. 

 

The location of File and Printer Sharing options depends on which operating system your endpoint uses. Consult your operating system guide for additional information.

 

External Access Requirements

Allow the following addresses through your firewall or other security software. Endpoint Agents use the sites below to reach Malwarebytes services. 

 

You must allow or exclude all addresses on port 443, outbound.

https://ark.mwbsys.com
https://blitz.mb-cosmos.com
https://cdn.mwbsys.com
https://cloud.malwarebytes.com
https://data-cdn-static.mbamupdates.com
https://detect-remediate.cloud.malwarebytes.com
https://hubble.mb-cosmos.com
https://keystone-akamai.mwbsys.com
https://keystone.mwbsys.com
https://nebula-agent-installers-mb-prod.s3.amazonaws.com
https://sirius.mwbsys.com
https://socket.cloud.malwarebytes.com
https://storage.gra3.cloud.ovh.net
https://telemetry.malwarebytes.com


Antivirus and Firewall Exclusions

If you use additional security software with Malwarebytes, we recommend adding specific software exclusions. These exclusions prevent your other software from conflicting with Malwarebytes. Conflicting security software may range from your network firewall to antivirus.

 

We recommend that you exclude the following folders and files in your antivirus, firewall, or other software. In addition to the items below, see our specific third-party antivirus software exclusions.

 

For more information on setting exclusions in Malwarebytes, see Add exclusions to Malwarebytes Cloud Platform.

 

For Windows Endpoints

%ProgramData%\Malwarebytes Endpoint Agent\
%ProgramData%\Malwarebytes\MBAMService\
%ProgramFiles%\Malwarebytes Endpoint Agent\
%ProgramFiles%\Malwarebytes Endpoint Agent\Plugins\Incident Response\Logs\
%ProgramFiles%\Malwarebytes\Anti-malware\
%SystemRoot%\system32\drivers\ESProtectionDriver.sys
%SystemRoot%\system32\drivers\MBAMChameleon.sys
%SystemRoot%\system32\drivers\MBAMSwissArmy.sys
%SystemRoot%\system32\drivers\farflt.sys
%SystemRoot%\system32\drivers\flightrecorder.sys
%SystemRoot%\system32\drivers\mbae.sys (mbae64.sys on an x64 system)
%SystemRoot%\system32\drivers\mbam.sys
%SystemRoot%\system32\drivers\mwac.sys

 

For Mac Endpoints

/Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent
/Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent/UserAgent.app
/Library/LaunchDaemons/com.malwarebytes.EndpointAgent.plist

 

See also

 

 

Return to the Malwarebytes Cloud Platform Administrator Guide 

Attachments

    Outcomes