Delete endpoints in Malwarebytes Cloud Platform

Document created by jgolomb (Employee) on Dec 11, 2018. Last modified by bgoddard on Nov 11, 2019. Version 14.

Administrators may delete endpoints using the console, which removes them from the Malwarebytes Cloud Platform. After a period of time, the deleted endpoint is also removed from the Malwarebytes database. Malwarebytes then uninstalls the agent from the endpoint.

 

Delete endpoints

When you delete an endpoint in the console, it is first marked for deletion. See When endpoints are marked for deletion below. When deleting an entire group of endpoints, the group remains in the console as an empty group.

 

  1. Go to Endpoints.


  2. Select the endpoints to delete.


  3. In the upper-right, click Delete. A warning is displayed. If you're sure you want to continue, click DELETE.

 

When endpoints are marked for deletion

When you select endpoints for deletion, the Malwarebytes Cloud Platform behaves differently depending on whether they are online or offline.

 

 

If the endpoint is currently online, the following checks happen:

  • If the endpoint is connected to Malwarebytes' WebSockets:
    • An uninstall notification is sent to the console.
    • The record in the Malwarebytes database is changed to "soft-deleted".
  • If the endpoint is currently online and responding to the console:
    • The console flags the endpoint.
    • When the endpoint checks in, it is told to process an uninstall of the agent.
    • The record in the Malwarebytes database is changed to "soft-deleted".

If the endpoint is currently offline, the following checks happen:

  • If the endpoint comes back online within 90 days from when it was last seen:
    • The console flags the endpoint.
    • When the endpoint checks in, it is told to process an uninstall of the agent.
    • The record in the Malwarebytes database is changed to "soft-deleted".
  • If the machine comes back online after 90 days from when it was last seen:
    • It is not deleted, and is no longer marked for deletion.
    • This avoids a situation where an endpoint has connection issues with the console.
  • If the endpoint remains offline for 180 days from when it was last seen:
    • It is cleaned by automated processes and soft-deleted in the database.

 

If an endpoint that has been deleted or soft-deleted comes back online:

  • The console registers the endpoint.
  • The endpoint record in the database is restored.
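
The offline rules above can be modeled to find endpoints that were marked for deletion but never received the uninstall instruction. The following Python sketch is an added example, not Malwarebytes code and not based on any Malwarebytes API; the function names, the inventory format and the hostnames are hypothetical, and treating day 90 as "within 90 days" is an assumption because the page does not state the boundary.

```python
from datetime import date
from enum import Enum

UNINSTALL_WINDOW_DAYS = 90   # page: check-in within 90 days of last seen
CLEANUP_AFTER_DAYS = 180     # page: automated cleanup after 180 days offline

class Outcome(Enum):
    PENDING = "still marked, waiting for check-in"
    UNINSTALLED = "told to uninstall at check-in, record soft-deleted"
    MARK_DROPPED = "not deleted, no longer marked for deletion"
    CLEANED = "record soft-deleted by automated cleanup"
    RESTORED = "soft-deleted at 180 days, then re-registered and restored"

def offline_outcome(last_seen, today, checked_in=None):
    """Outcome for an endpoint that was offline when marked for deletion.

    checked_in: date of its first check-in after being marked, or None.
    Assumption: a gap of exactly 90 days counts as "within 90 days".
    """
    if checked_in is None:
        offline_days = (today - last_seen).days
        return Outcome.CLEANED if offline_days >= CLEANUP_AFTER_DAYS else Outcome.PENDING
    gap = (checked_in - last_seen).days
    if gap <= UNINSTALL_WINDOW_DAYS:
        return Outcome.UNINSTALLED
    if gap < CLEANUP_AFTER_DAYS:
        return Outcome.MARK_DROPPED
    return Outcome.RESTORED

def no_uninstall_delivered(inventory, today):
    """Hostnames marked for deletion whose agent was never told to uninstall."""
    missed = {Outcome.MARK_DROPPED, Outcome.CLEANED, Outcome.RESTORED}
    return sorted(h for h, seen, back in inventory
                  if offline_outcome(seen, today, back) in missed)

# Constructed sample inventory: (hostname, last_seen, first check-in after marking)
SAMPLE = [
    ("lab-01", date(2019, 1, 10), date(2019, 2, 1)),   # back after 22 days
    ("lab-02", date(2019, 1, 10), date(2019, 5, 20)),  # back after 130 days
    ("lab-03", date(2019, 1, 10), date(2019, 8, 1)),   # back after 203 days
    ("lab-04", date(2019, 1, 10), None),               # never returned
    ("lab-05", date(2019, 9, 1), None),                # offline 71 days so far
]

if __name__ == "__main__":
    today = date(2019, 11, 11)
    for host, seen, back in SAMPLE:
        print(host, "->", offline_outcome(seen, today, back).value)
    print("follow up:", no_uninstall_delivered(SAMPLE, today))
```

Endpoints returned by `no_uninstall_delivered` are candidates for a manual agent removal or a second delete request once they are reachable again.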

 
