Windows script to display Malwarebytes Endpoint Protection Agent Health and Service Status 

File uploaded by aprobert Employee on Aug 8, 2018Last modified by aprobert Employee on Dec 13, 2018
Version 20Show Document
  • View in full screen mode

To verify a Malwarebytes Endpoint Protection is running, you can download and run the ServiceStatus.cmd script on the endpoint.


  1. Download the attached script zip file and extract ServiceStatus.cmd.txt to the endpoint computer.

  2. Rename the file to be ServiceStatus.cmd. Administrator privileges are not required to run the script, as it uses only standard Windows commands and scripting.  It can be run locally by double-clicking and is suitable for remote command-line execution.

  3. Double-click on the file to run it.

  4. A command window displays.  The window refreshes every 10 seconds.  This is useful when testing for configuration changes and updates.

  5. To cancel the script, enter Ctrl + C or click [x]


This is a user community shared utility. Please send questions, comments, and support request to the author directly. 



2018-12-12 Version 1.5 Fixed problem with reading large EPR backup sizes

2018-10-30 Added controllers_version, date time stamp at top, community note at bottom. 

2018-10-10 Suppress file not found messages. Search prior log for MBAMService, if not found in current log. Added contact details

2018-10-08 Added MBAMService CPU% monitor

2018-10-05 Added policy settings, versions for endpoint_protection and mbam_version, EDR Local Backup size estimation.



Does not show Incident Response status

Will show Home Premium service as it has the V3 engine, but will not have Management Agent nor Flight Recorder services