Malwarebytes Agentless Remediation is a threat detection and remediation tool built on top of our Malwarebytes Breach Remediation and Forensic Timeliner products. It scans endpoints for advanced threats including malware, PUPs, and adware and thoroughly removes them.
Requirements for MAR Console
- Purchased license or trial of Malwarebytes Breach Remediation
- .NET Framework 4.6.1 or later
- Windows Management Framework (WMF) 5.0 (or later)
- Domain computer only
- Windows 10 x64 or Windows Server 2016 x64
- Domain account with local admin rights on target computers should be provided for encrypted storage on the Jump Server
Requirements for target endpoints
- Windows 10 (32/64-bit)
- Windows 8.1 (32/64-bit)
- Windows 8 (32/64-bit)
- Windows 7 (32/64-bit) (Service Pack 1 or later)
- Windows Server 2012/2012 R2 (64-bit only)
- Windows Small Business Server 2011 (64-bit only)o Windows Server 2008 R2 (64 bit)
Note: Windows servers using the Server Core Installation process are specifically excluded
- Download the latest version of Malwarebytes Agentless Remediation app.
- Unzip archive and run setup.exe (running the installation with administrative privileges is recommended)
- Proceed with installation instructions. You may be asked to continue installation due to failed libraries registration. Ignore these messages and click Continue. Installation and operation of the product are unaffected.
- Once the installation completes, open Windows Explorer and navigate to the C:\irstealth folder and run IRStealth.exe with Run as Administrator
- Open the app at Settings tab and enter Malwarebytes Breach Remediation license key.
- Click Activate Products and check if you can see the message Successfully activated products.
- Click Update Database and check if you can see the message Successfully updated Breach Remediation Database.
Note: the UI may be unresponsive during registration and database update operations (up to 10 seconds).
- Choose the option for distribution and registration of scanning libraries.
- Set up credentials for distribution and running Malwarebytes Breach Remediation and Forensic Timeliner scanners on target endpoints.
Note: This app has been tested only in domain environments. Use for WORKGROUPS may not work.
- Perform all preparation steps from Configuration section of this article.
- Provide the list of target endpoints for scan at Endpoints tab. You can import the list of endpoints from Active Directory OU or from a flat file.
- Set up scan parameters in the Settings tab. For additional configuration (e.g. SIEM or proxy settings) click on Settings > Go to Advanced Settings.
- Choose Complete Scan or Remediation Only type of scan.
- Complete Scan - both Malwarebytes Breach Remediation and Forensic Timeliner scans.
- Remediation Only - Malwarebytes Breach Remediation scan only.
- You can monitor the scan status under Scan tab.
Once scan is completed you will be able to see the detections in your dashboard.
For more information and exportable format navigate to Detections tab.
You can export the detections by clicking on Export to CSV button. This operation will create a new report in CSV format in the C:\irstealth folder.
This is a user community shared utility. Please send questions, comments, and support request to the authors directly.
For troubleshooting of the app please attach events in the Log tab.