Malwarebytes Endpoint Security Excel Addin - data export and reporting

Document created by lwei Employee on Oct 1, 2018Last modified by lwei Employee on Apr 2, 2019
Version 14Show Document
  • View in full screen mode


What's This?

The Malwarebytes Endpoint Security (on-premises managed solution) server collects a rich set of information from the endpoints and a common request we get is to turn this data into useful information. The database schema for the SQL Server repository is published for administrators to extract information as needed. This Excel Addin is created to extract the information from the SQL repository directly.


Note: There is a corresponding addin for Malwarebytes Cloud deployment.



  • An account on the SQL Server database for Malwarebytes Endpoint Security.
  • Microsoft Excel 2013 or 2016 (Office 365) on Windows.
  • .NET Framework v4.5.2.



Download and install the Addin.



This is a Malwarebytes community shared utility. Please send questions, comments, and support request to the author directly. 



  • Extract and import the most common tables within the Malwarebytes Endpoint Security server such as the following. Please requests others as needed.
    • Detection / Threats
    • Endpoints / Clients
    • Client Groups
    • Policies
    • Exclusions within the Policies
  • Some pivot tables and charts are automatically created in Excel.
  • A summary report can be generated in HTML and PDF, and emailed for delivery.
  • Export exclusions in JSON format that can be used to import to the Cloud server.
  • SQL statements used to extract the data can be viewed.



  • v1.3 (2018-10-09) - Bug fixes.
    • Sped up screen updates by not refreshing when formatting output.
    • Fixed report output file name when server name contains backslash "\".
  • v1.2 (2018-October) - First release.



  • The installation folder is located in the following user appdata directory.
    • C:\Users\[user-name]\AppData\Roaming\Malwarebytes\Malwarebytes MBES Excel Addin [version]
  • The installation logs are located in the following directory. They are useful to determine the reasons why the addin might not have been attached to Excel correctly.
    • C:\Users\[user-name]\Documents\Add-in Express
    • C:\Users\[user-name]\AppData\Local\Temp\Malwarebytes MBES Excel Addin
  • If the Addin does not show up in the menu for Excel, the first thing to try is to run the setup.exe as Administrator.



  1. Detection data imported from the Malwarebytes Endpoint Security server.
    Detection data imported from the MBES server

  2. Pivot tables and charts are created for some tables.
    Pivot tables and charts

  3. HTML and PDF summary report generated.
    HTML and PDF summary report

  4. SQL statements used for data extraction can be viewed.
    SQL statements