Export data with the Malwarebytes Cloud Excel Addin with Reporting and Utilities

Document created by lwei Employee on Sep 12, 2018Last modified by lwei Employee on Nov 4, 2019
Version 82Show Document
  • View in full screen mode


What's This?

The Malwarebytes Cloud server collects a rich set of information from the endpoints and a common request we get is to turn this data into useful information. Malwarebytes provides a complete set of RESTful APIs for this purpose. The Management Console uses these same APIs to extract the data. However, it does require some scripting and technical work to make the data useful.

To make this easier for our customers, we have introduced the Malwarebytes Excel Addin, which provides easy access to import data directly into Microsoft Excel.


Note: There is a corresponding addin for Malwarebytes On-Prem MBES deployment.





  • An account on the Malwarebytes Cloud server (https://cloud.malwarebytes.com).
  • Microsoft Excel 2010, 2013, 2016, 2019, or Office 365 on Windows.
    • (The addin does not work on macOS because it uses Windows specific Microsoft Office features)
  • .NET Framework v4.5.2.



Download and install the Addin. Latest version is v3.0.11.

download icon Download the latest Malwarebytes Excel Addin Installer



This is a user community shared utility.

Please post questions and comments on this Forum thread.

You can also send requests to the author directly. 



  • Extract and import most of the Malwarebytes Cloud server objects
    • Endpoints / Machines
      • Details for Malwarebytes agent information
      • Details for endpoint assets such as memory, disk drives
      • Details for software installed
    • Detections / Threats
    • Quarantine
    • Suspicious Activities
    • Events, Groups, Tasks / Jobs
    • Others - Exceptions, Users, Policies, Schedules
  • Perform bulk actions
    • Take action against scan needed endpoints
    • Take action against remediation required endpoints
    • Delete endpoints that are offline for any number of days
    • Delete duplicate endpoints
    • Move endpoints to a different group
    • Restore or remove quarantine data
    • Remediate and close Suspicious Activities
    • Load exclusions
  • Generate a summary report in HTML and PDF, and email to recipients
  • Schedule the summary report for automated email delivery (Watch the 3-min video)



  • Detection data imported from the Cloud server.
    Detection data imported from the Cloud server

  • Pivot tables and charts are created for some key objects.
    Pivot tables and charts

  • HTML and PDF summary report generated.
    PDF Summary Report


Latest version is v3.0.11

  • v3.0.11 (2019-11-04)
    • Added feature to add groups in bulk to a schedule
  • v3.0.10 (2019-10-20)
    • Fixed error HRESULT: 0x80070057 importing any objects, caused by region formatting
  • v3.0.9 (2019-10-08)
    • Added endpoint export for Updates Installed
  • v3.0.8 (2019-09-27)
    • Added feature to change policy for groups in bulk
    • Added user-agent string to all requests so that the backend can identify requests
  • v3.0 (2019-08-01)
    • Added Scheduled Reports
    • Added Asset Information import
    • Added URL links to endpoints
  • v2.7 (2019-06-24)
    • Added feature to delete duplicate endpoints.
  • v2.6 (2019-06-12)
    • Supports OneView login.
    • Added support to bulk remediate or close Suspicious Activities.
    • Fixed bug with failed install when AppData is a remote file share.
    • Fixed Scan Results not showing local date time.
  • v2.5 (2019-04-07)
    • Added new import for endpoint scan statuses. Note the useful column to see scan duration.
    • Added the ability to move endpoints to a different group in bulk.
    • Fixed Bulk Load Exclusions due to changes in the back-end. Now supports adding exclusions by policies.
  • v2.4 (2019-03-13)
    • Confirmed support for Excel 2019.
    • Added column "No of Schedules" in Groups to help identify groups with no threat scans scheduled.
    • Added selection list for Bulk Exclusions for common 3rd Party security software.
  • v1.2 (2018-July) - First release.



  • The installation folder is located in the following user appdata directory.
    • C:\Users\[user-name]\AppData\Roaming\Malwarebytes\Malwarebytes Excel Addin [version]
  • The installation logs are located in the following directory. They are useful to determine the reasons why the addin might not have been attached to Excel correctly.
    • C:\Users\[user-name]\AppData\Local\Temp\Malwarebytes Excel Addin
    • C:\Users\[user-name]\Documents\Add-in Express
  • If the Addin does not show up in the menu for Excel, the first thing to try is to run the setup.exe as Administrator.