Windows script to display Malwarebytes Endpoint Protection Agent Health and Service Status 

File uploaded by aprobert (Employee) on Aug 8, 2018. Last modified by aprobert (Employee) on Oct 17, 2018.
Version 17

To verify that Malwarebytes Endpoint Protection is running, you can download and run the ServiceStatus.cmd script on the endpoint.


  1. Download the attached script ServiceStatus.cmd.txt to the endpoint computer.

  2. Rename the file to ServiceStatus.cmd. Administrator privileges are not required to run the script; it uses only standard Windows commands and scripting. It can be run locally by double-clicking and is suitable for remote command-line execution.

  3. Double-click on the file to run it.

  4. A command window displays.  The window refreshes every 10 seconds.  This is useful when testing for configuration changes and updates.
  5. To cancel the script, press Ctrl + C or click [x].


This is a user community shared utility. Please send questions, comments, and support requests to the author directly.
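
The following is an added example, not the attached ServiceStatus.cmd and not Malwarebytes code: a batch script that polls service state with `sc query`, which needs no administrator rights, and refreshes every 10 seconds as in step 4. Only the MBAMService name comes from this page; the `once` argument, the exit code, and the variable names are assumptions of this example, and it assumes English-language `sc` output.

```batch
@echo off
rem Added example: poll Windows service state without administrator rights.
rem Assumption: only MBAMService is named on the page. Add further service
rem names (space-separated) after confirming them with "sc query" on the endpoint.
setlocal EnableDelayedExpansion
set "SERVICES=MBAMService"

:check
set "BAD=0"
rem Clear the window only in interactive (looping) mode.
if /i not "%~1"=="once" cls
echo %DATE% %TIME%  Service status on %COMPUTERNAME%

for %%S in (%SERVICES%) do (
    rem sc prints a line like "STATE : 4  RUNNING"; token 4 is the state name.
    rem A missing service produces no STATE line, so the default is kept.
    set "STATE=NOT_INSTALLED"
    for /f "tokens=4" %%A in ('sc query "%%S" 2^>nul ^| findstr /c:"STATE"') do set "STATE=%%A"
    if /i not "!STATE!"=="RUNNING" set "BAD=1"
    echo   %%S : !STATE!
)

rem "once" mode: one snapshot, exit code 1 if any service is not RUNNING.
if /i "%~1"=="once" exit /b %BAD%

rem Interactive mode: refresh every 10 seconds; Ctrl + C stops the loop.
timeout /t 10 /nobreak >nul
goto check
```

Running it with the `once` argument prints a single snapshot and returns a non-zero exit code when a listed service is missing or not running, which suits remote command-line execution where `timeout` cannot read from a redirected input.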



2018-10-10 Suppress file not found messages. Search prior log for MBAMService, if not found in current log. Added contact details

2018-10-08 Added MBAMService CPU% monitor

2018-10-05 Added policy settings, versions for endpoint_protection and mbam_version, EDR Local Backup size estimation.



Does not show Incident Response status

Will show the Home Premium service, as it has the V3 engine, but there will be no Management Agent or Flight Recorder services.