To verify a Malwarebytes Endpoint Protection is running, you can download and run the ServiceStatus.cmd script on the endpoint.
Download and run Service Status script
- Download the attached script zip file and extract ServiceStatus-x.xx.cmd.txt to the endpoint computer.
- Rename the file to be ServiceStatus-x.xx.cmd
Administrator privileges are not required to run the script, as it uses only standard Windows commands and scripting. It can be run locally by double-clicking and is suitable for remote command-line execution.
- Double-click on the file to run it. Alternatively, it can be run from Windows CMD.EXE prompt and/or its output piped to file e.g. ServiceStatus-x.xx.cmd > status.txt
- A command window displays. The window refreshes every 20 seconds. This is useful when testing for configuration changes and updates.
To cancel the script, enter Ctrl + C or click [x]
This is a user community shared utility.
Does not show Incident Response status service, as that runs as a scheduled plugin.
Will show Home Premium service, but will not have Management Agent nor Flight Recorder services.
2019-04-01 Version 1.11 Added status of the configuration of Endpoint Response Settings for Suspicious Activity Monitoring, Rollback and Isolation reading
from last log entry in EndpointAgent.txt Note: The log entry also displayed if plugin subsequently uninstalled which obsoletes other entry in log.
2019-02-21 Version 1.10 Added count of files in EPR Local Backup
2019-01-31 Version 1.08 Added policy.ea_last_update, to show datetime of most recent policy update. Useful when monitoring for recent change.
2019-01-22 Version 1.07 Added * warnings in column 1 for disabled and inactive services.
2019-01-07 Version 1.06 Added MBAMService.Resource showing Memory and Handles usage. Set timer to 20 seconds with a editable variable in script.
2018-12-12 Version 1.05 Fixed problem with reading large EPR backup sizes.
2018-10-30 Added controllers_version, date time stamp at top, community note at bottom.
2018-10-10 Suppress file not found messages. Search prior log for MBAMService, if not found in current log. Adde.2018-10-08 Added MBAMService CPU% monitor.
2018-10-05 Added policy settings, versions for endpoint_protection and mbam_version, EDR Local Backup size estimation.