Configure Malwarebytes Endpoint Protection Windows server roles

Document created by jgolomb Employee on Dec 26, 2018Last modified by jgolomb Employee on Sep 4, 2019
Version 12Show Document
  • View in full screen mode

Malwarebytes Endpoint Protection contains real-time protection modules. Real-time protection is supported on stock Windows Server Operating Systems from 2008 through 2016, including variants.

 

The real-time protection modules are:

  • Web Protection - Prevents connections to malicious or compromised websites
  • Exploit Protection - Prevents vulnerability exploits and zero-day attacks
  • Malware Protection - Prevents malware infections
  • Behavior Protection - Detects and blocks ransomware based on behavior analysis

 

Some of these protection modules should not be enabled for specific server roles, as they can cause performance or network-related issues.

 

The following Malwarebytes recommended configurations should be applied to these server roles. Malwarebytes continues improving its protection modules every day and will update the below guidance as new versions are released and tested.

 

Windows Server RoleMalwarebytes Recommended Configuration
Internet Information Server or other Web Server
  • Web Protection - supported, may impact server performance
  • Exploit Protection - supported
  • Malware Protection 3.x - supported
  • Behavior Protection - supported
Exchange Server or other SMTP server role
  • Web Protection - supported, may impact server performance
  • Exploit Protection supported
  • Malware Protection 3.x - supported
  • Behavior Protection - supported
SQL Server or other database server role
  • Web Protection - supported, may impact server performance
  • Exploit Protection - supported
  • Malware Protection 3.x - supported
  • Behavior Protection - supported, may impact server performance
RDP or terminal services
  • Web Protection - supported
  • Exploit Protection - supported
  • Malware Protection 3.x - supported
  • Behavior Protection - unsupported

VDI or other virtualized environments such as Citrix or VMware, or Hyper V

  • Web Protection - supported
  • Exploit Protection - supported
  • Malware Protection 3.x - supported
  • Behavior Protection - unsupported

 

Set up server exclusions

For performance reasons, you may wish to set up exclusions for specific file types on your server. See the following external articles for more information.

 

Server policy recommendations

The following suggestions may improve your Malwarebytes experience within a server environment.

 

Disable automatic reboot

You may wish to disable automatic reboot for server endpoint agents. This policy level change prevents an automatic reboot of servers from Malwarebytes.

  1. Open the Malwarebytes Cloud Console.

  2. Go to SettingsPolicies > choose a policy > Windows > General

  3. Set Enable Restart to OFF.


  4. Click SAVE.

 

Disable Malwarebytes Tray interaction for multi-user environments

You may prevent the Malwarebytes Tray from loading on Standard-level user accounts, and only load for Administrator-level users. This is helpful for running Malwarebytes in a more silent manner or in multi-user environments such as Microsoft Terminal Services.

  1. Open the Malwarebytes Cloud Console.

  2. Go to Settings > Policies and choose a policy.

  3. Under ENDPOINT INTERFACE OPTIONS, set Limit Endpoint Agent Interactions to ON.


  4. A warning message displays before limiting Malwarebytes Tray interaction. Click OK to proceed, then click SAVE.


See also

Attachments

    Outcomes