Administrators can mark endpoints for deletion in the Malwarebytes cloud platform. This feature allows removal of a stale endpoint from the platform (and eventually database) and initiates un-installation of the Endpoint Agent from active endpoints. After an endpoint is selected in the platform and Deleted, its put in a Marked for Deletion state.
When endpoints are Marked for Deletion
- If the machine is currently online and connected to Malwarebyte's WebSockets, an uninstall notification is sent. This leads to a soft-deleted record in the database.
- If the machine is currently online and polling, it receives a flag on its next request which causes un-installation and soft-deletion.
- If the machine is currently offline:
- If it comes online less than 90 days from when it was last seen, it receives the flag on its initial sync call to uninstall.
- If it comes online more than 90 days from when it was last seen, its not deleted, returns to the cloud platform and no longer Marked for Deletion. This keeps customers from situations where they cannot connect a machine to Malwarebytes protection.
- If the machine stays offline for 180 days after being Marked for Deletion, its cleaned by automated processes and soft-deleted in the database.
- If a machine comes online again after it has been deleted or soft-deleted for any reason, its considered a re-registration and the record is restored in the database.
- If a machine has not been Marked for Deletion via the cloud platform, the records are not deleted. This includes machines that have been offline for more than 180 days.