Malwarebytes endpoint agent exclusions

Document created by drossler Employee on Jun 2, 2017Last modified by vbariteau on Oct 18, 2017
Version 5Show Document
  • View in full screen mode

For the cloud platform, there are some recommended exclusions to put in place if you are using other protection software. These can range from network firewalls to anti-virus software. To ensure our product can work side by side with those other vendors, please enter in the exclusions below:

 

Connectivity

(All on Port 443, Outbound)

 

Components

 

  • Folders
  • %ProgramFiles%\Malwarebytes\Anti-malware\
  • %ProgramFiles%\Malwarebytes Endpoint Agent
  • %ProgramData%\Malwarebytes Endpoint Agent
  • /Library/Application Support/Malwarebytes/NebulaAgent/ (Mac)

 

 

Endpoint Agent Files

  • %SystemRoot%\system32\drivers\ESProtectionDriver.sys
  • %SystemRoot%\system32\drivers\farflt.sys
  • %SystemRoot%\system32\drivers\mbae.sys (mbae64.sys on an x64 system)
  • %SystemRoot%\system32\drivers\mbam.sys
  • %SystemRoot%\system32\drivers\MBAMChameleon.sys
  • %SystemRoot%\system32\drivers\MBAMSwissArmy.sys
  • %SystemRoot%\system32\drivers\mwac.sys
  • /Library/LaunchDaemons/com.malwarebytes.NebulaAgent.plist (Mac)


Incident Response/Endpoint Protection Files

  • %ProgramData%\Malwarebytes\MBAMService
  • %ProgramData%\Malwarebytes Endpoint Agent\Plugins\Incident Response\Logs

 

Registry Keys

  • HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\SysprepExternal\Generalize\E85C5BD4-F8FA-4D8C-94F7-DDBDB00F974B
  • HKLM\Software\Microsoft\Windows\CurrentVersion\Setup\SysprepExternal\Generalize\2947892B-C390-476F-90AB-CD0D5F421614
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

 

Attachments

    Outcomes