To verify a Malwarebytes Endpoint Protection is running, you can download and run the ServiceStatus.cmd script on the endpoint.
Download and run Service Status script
- Download the attached script zip file and extract ServiceStatus.cmd.txt to the endpoint computer.
- Rename the file to be ServiceStatus.cmd. Administrator privileges are not required to run the script, as it uses only standard Windows commands and scripting. It can be run locally by double-clicking and is suitable for remote command-line execution.
- Double-click on the file to run it.
- A command window displays. The window refreshes every 20 seconds. This is useful when testing for configuration changes and updates.
To cancel the script, enter Ctrl + C or click [x]
This is a user community shared utility.
Does not show Incident Response status service, as it runs as a scheduled plugin.
Will show Home Premium service as it has the V3 engine, but will not have Management Agent nor Flight Recorder services.
2019-02-21 Version 1.10 Added count of files in EPR Local Backup
2019-01-31 Version 1.08 Added policy.ea_last_update, to show datetime of most recent policy update. Useful when monitoring for recent change.
2019-01-22 Version 1.07 Added * warnings in column 1 for disabled and inactive services.
2019-01-07 Version 1.06 Added MBAMService.Resource showing Memory and Handles usage. Set timer to 20 seconds with a editable variable in script.
2018-12-12 Version 1.05 Fixed problem with reading large EPR backup sizes.
2018-10-30 Added controllers_version, date time stamp at top, community note at bottom.
2018-10-10 Suppress file not found messages. Search prior log for MBAMService, if not found in current log. Adde.2018-10-08 Added MBAMService CPU% monitor.
2018-10-05 Added policy settings, versions for endpoint_protection and mbam_version, EDR Local Backup size estimation.