VMWare Horizon does not support sysprep. Because of this, we agree with using VMWare’s recommendation and avoid using it for consistent cloning results. Please use these steps below to make sure the images are made correctly for the Malwarebytes endpoint agent.
Download the Malwarebytes Agent installer
- Go to cloud.malwarebytes.com and login to your cloud account.
- Click Endpoints on the left and select Add Endpoints.
- Download the Windows Vista, 7, 8,… installer, the first download button next to Managed Endpoint Installers.
Prepare the image
- Customize the image with whatever settings and software is needed before Malwarebytes installation.
- Download Malwarebytes Agent installer to the target master image, disable the Internet connection on that VM.
- Run the downloaded installer until installation finishes.
- When installation is completed, open Services Manager, Windows+R > services.msc.
- Locate Malwarebytes Endpoint Agent > right-click and go to Properties.
- Change the Startup type to Disabled > Hit Apply at the bottom.
- While still in the properties window, select Stop to stop the service and hit OK at the bottom to exit.
- Enable Internet connection.
- Extract the .bat files in the attached GPO Scripts.zip linked above.
- Open Local Group Policy Editor as administrator. To do this, search for gpedit.msc and right-click > Run as Administator.
- Once in Local Group Policy Editor, expand Computer Configuration”and then Windows Settings.
- Locate Startup on the right side of the console, double-click it.
- Click Add, select Browse and locate EnableMBService.bat wherever it was extracted in step 6.
- Click OK to close out of the Add a Script dialog.
- In the open Local Group Policy Editor, double-click Shutdown and repeat steps to add a script, this time adding the RemoveMB.bat script similar to Step 7.
- Deploy clones normally.
Users must remember to shutdown when they’re done so the uninstall script can run. If they forget, there may be a duplicate machine that’ll show up in Malwarebytes Cloud console but it can easily be removed. No huge impact if users forget to shutdown.