Malwarebytes Endpoint Security to Malwarebytes Endpoint Protection migration best practices

Document created by jgolomb (Employee) on Jan 16, 2019. Last modified by jgolomb (Employee) on Nov 8, 2019.
Version 28

Malwarebytes offers an on-premises managed solution, Malwarebytes Endpoint Security, and a cloud-managed solution, Malwarebytes Endpoint Protection. This article walks system administrators through best practices for transitioning your organization's environment from Malwarebytes Endpoint Security to Malwarebytes Endpoint Protection. We recommend you set up your environment by following these steps in order:

  1. Policies
  2. Exclusions
  3. Add endpoint groups
  4. Add endpoints
  5. Scheduled endpoint scans
  6. Users
  7. Email notifications
  8. Syslog
  9. Network proxy

 

Refer to our Malwarebytes Endpoint Security and Malwarebytes Endpoint Protection feature comparison checklist if you wish to see comparison charts for Policy and Admin features found in Malwarebytes Endpoint Security, and the equivalent or similar features found in Malwarebytes Endpoint Protection.

 

If you prefer a video presentation covering migration, see Migrating from Malwarebytes Endpoint Security to Malwarebytes Endpoint Protection at Malwarebytes Academy. You must create an account or log in to Malwarebytes Academy to view this video.

 

For further technical information on the features and functions available with Malwarebytes Endpoint Protection, see the Malwarebytes Cloud Platform Administrator Guide.

 

1. Policies

A policy defines the security settings for the endpoint (e.g., executing a scheduled scan, type of scan, applying real-time protection, or enabling Anomaly Detection Machine Learning). See below for instructions on noting your Malwarebytes Endpoint Security policy configurations and adding them to new policies in Malwarebytes Endpoint Protection.

 

Note policy configurations in Malwarebytes Management Console

  1. Select Policy on the left pane of the Malwarebytes Management Console app window.

  2. Double-click any policies you wish to move to Malwarebytes Endpoint Protection and note the following configurations for each:
    • General
    • Protection
    • Scanner
    • Scheduler
    • Updater
    • Communication
    • Anti-Exploit
    • Anti-Ransomware (with Exclusion List)

  3. Log in to the Malwarebytes cloud console.

  4. Click Add to create a new policy for each policy you wish to migrate from Malwarebytes Endpoint Security to Malwarebytes Endpoint Protection.

 

Detailed policy mapping is found in the Malwarebytes Endpoint Security and Malwarebytes Endpoint Protection feature comparison checklist.

 

 

2. Exclusions

Use one of the following two methods to migrate your exclusions from Malwarebytes Endpoint Security to Malwarebytes Endpoint Protection.

 

Migrate exclusions with Malwarebytes Cloud Excel Add-In

Use the Malwarebytes community utility Malwarebytes Cloud Excel Add-In to automate the conversion.

  1. Once the MSI file is downloaded, open Excel and go to Malwarebytes > Misc Functions > Load Exclusions.

  2. Select Import from Malwarebytes Endpoint Security.

 

Manually migrate exclusions

In Malwarebytes Endpoint Security, exclusions are established per policy. In Malwarebytes Endpoint Protection, exclusions are applied on a global basis.

  1. Take note of each exclusion found in the following policy tabs of Malwarebytes Endpoint Security:
    • Ignore List - Malwarebytes Anti-Malware
    • Anti-Exploit Exclusion List
    • Anti-Ransomware (with Exclusion List)

  2. Manually add those exclusions to Malwarebytes Endpoint Protection under Settings > Exclusions > Add.
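A way to prepare the manual migration, as an added example that is not Malwarebytes code: it merges the exclusions noted per policy into the single global list Malwarebytes Endpoint Protection uses, and flags entries that only some policies had, because those apply to more endpoints once they are global. The policy names, paths and data layout are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: exclusions noted by hand from each policy's tabs in
# Malwarebytes Endpoint Security. Policy names and paths are made up.
NOTED = {
    "Workstations": {
        "Ignore List": [r"C:\Tools\Inventory\agent.exe"],
        "Anti-Exploit Exclusion List": [r"C:\Apps\Legacy\viewer.exe"],
        "Anti-Ransomware": [],
    },
    "Servers": {
        "Ignore List": [r"c:\tools\inventory\agent.exe", r"D:\Backup\*"],
        "Anti-Exploit Exclusion List": [],
        "Anti-Ransomware": [r"D:\Backup\*"],
    },
}


def consolidate(noted):
    """Merge per-policy exclusions into one global list.

    Returns (global_list, widened). `widened` maps each exclusion that only
    some policies had to the policies that did NOT have it, i.e. the
    endpoints that gain the exclusion once it applies globally.
    """
    seen = defaultdict(set)  # normalized entry -> policies that had it
    display = {}             # normalized entry -> first spelling noted
    for policy, tabs in noted.items():
        for entries in tabs.values():
            for entry in entries:
                key = entry.strip().lower()  # Windows paths ignore case
                seen[key].add(policy)
                display.setdefault(key, entry.strip())
    all_policies = set(noted)
    global_list = sorted(display.values())
    widened = {
        display[key]: sorted(all_policies - policies)
        for key, policies in seen.items()
        if policies != all_policies
    }
    return global_list, widened


if __name__ == "__main__":
    merged, widened = consolidate(NOTED)
    for entry in merged:
        gained = widened.get(entry)
        print(entry, f"<- review: new for {gained}" if gained else "")
```

Entries reported in `widened` are the ones to review before adding them under Settings > Exclusions > Add, since endpoints that never had them will now be covered by them.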

 

 

3. Add endpoint groups

Use one of the following three methods for creating Endpoint Groups.

 

Sync Active Directory

The Malwarebytes Discovery and Deployment Tool can synchronize the Active Directory structure with Malwarebytes Endpoint Protection groups. See Download the Malwarebytes Discovery and Deployment Tool for download instructions.

  1. Open Malwarebytes Discovery and Deployment Tool and select Active Directory Import.

  2. Select all Organizational Units you wish to import to Malwarebytes Endpoint Protection.

  3. All installed endpoints are automatically placed into the Active Directory group structure created by the sync process.

 

Preserve groupings of endpoints in Malwarebytes Endpoint Security

  1. Download and install the Malwarebytes community utility Malwarebytes Endpoint Security Excel Add-In. See Malwarebytes Endpoint Security Excel Add-In - data export and reporting.

  2. Open a new Excel spreadsheet and select Malwarebytes Endpoint Security login > Client Computers.

  3. A report generates and displays the following data which can be imported into Malwarebytes Endpoint Protection. Use this list to create groups in Malwarebytes Endpoint Protection and then add the endpoints (via IP Address) to the groups:
    • IP Address
    • GroupName
    • PolicyName
  4. In Malwarebytes Endpoint Protection, create new groups and select the policies desired for each new group. Go to Settings > Groups > New.
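A sketch of turning that report into a group plan, added here as an example and not part of the Excel Add-In: it assumes the report was saved as CSV with the three columns listed above, groups endpoints by GroupName, and flags groups whose endpoints list different policies, because each new group gets the policy selected for it. All sample rows are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample of the Client Computers report saved as CSV with the
# three columns the article lists. All values are made up.
REPORT = """IP Address,GroupName,PolicyName
10.0.1.15,Finance,Strict
10.0.1.16,Finance,Strict
10.0.2.21,Engineering,Strict
10.0.2.20,Engineering,Standard
10.0.2.999,Engineering,Standard
"""


def plan_groups(report_csv):
    """Build a group plan from the exported report.

    Returns (plan, conflicts, rejected):
      plan      group -> {"policy": name or None, "endpoints": [ip, ...]}
      conflicts group -> sorted policy names where endpoints disagree
      rejected  rows whose IP address does not parse
    """
    policies = defaultdict(set)
    endpoints = defaultdict(list)
    rejected = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        ip = row["IP Address"].strip()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            rejected.append(row)  # keep for manual follow-up
            continue
        group = row["GroupName"].strip()
        policies[group].add(row["PolicyName"].strip())
        endpoints[group].append(ip)
    conflicts = {g: sorted(p) for g, p in policies.items() if len(p) > 1}
    plan = {
        g: {
            # None means: decide the policy by hand before creating the group
            "policy": None if g in conflicts else next(iter(policies[g])),
            "endpoints": sorted(
                endpoints[g], key=lambda a: int(ipaddress.ip_address(a))
            ),
        }
        for g in policies
    }
    return plan, conflicts, rejected
```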

 

Start over from scratch

In Malwarebytes Endpoint Protection, create new groups and select policies desired for each new group. Go to Settings > Groups > New.

 

 

4. Add endpoints

Use one of the following two methods to add endpoints to the Malwarebytes cloud console.

 

Use a software distribution method

After installing the Malwarebytes Endpoint Agent, the endpoints show up in the Malwarebytes cloud console in the Default Group. You can then manually move endpoints to another group. Utilize the following command line options to automatically assign endpoints to groups during the installation process.

  1. Automatically assign endpoints to a group during installation via command line option by specifying the corresponding Group ID. In the Malwarebytes cloud console, go to Settings > Groups and create a new group structure.

  2. Find the Group ID. Go to Downloads, and click the Specify group assignment link.
    • Windows installer usage: Setup.MBEndpointAgent.Full.exe GROUP="<Group ID>"
    • macOS installer usage: sudo launchctl setenv MALWAREBYTES_GROUP <GroupID> ; sudo -E /usr/sbin/installer -pkg Setup.MBEndpointAgent.pkg -target /

 

Use Malwarebytes Discovery and Deployment Tool

  1. Download the Malwarebytes Discovery and Deployment Tool. Go to Downloads. In the Discovery and Deployment Tool section, click Download.


  2. See the Malwarebytes Cloud Platform Administrator Guide for detailed installation and usage information.

  3. All endpoints show up in the Malwarebytes cloud console in the Default Group. Manually move endpoints to other groups if desired.

 

 

5. Scheduled endpoint scans

  1. Review and document schedules in Malwarebytes Endpoint Security. Include date/time, functions performed, and groups applied to schedules.

  2. Enter information into Malwarebytes Endpoint Protection to create new scheduled scans.

  3. Create a spreadsheet that helps map Malwarebytes Endpoint Security settings to Malwarebytes Endpoint Protection.

 

 

6. Users

  1. Gather information on existing Users (also known as administrators) from Malwarebytes Endpoint Security.

  2. Create new users in the Malwarebytes cloud console. Go to Settings > Users > New.
    • Two user types are available in Malwarebytes Endpoint Security: Admin and Users. Admins can define which features are read-only and which are read/write.
    • Three user types are available in Malwarebytes Endpoint Protection: Super Admin (equal to Admin), Administrator (access to everything within the Malwarebytes cloud console except editing global settings; can be restricted to certain endpoint groups), and Read Only.

 

 

7. Email notifications

Each user may configure their own preferences for notifications. There is no global setting to enable all users to receive the same notifications. There is no need to configure an SMTP server.

 

In the upper right corner of the screen, go to User Name > Profile > Notifications and check the desired notifications.

 

 

8. Syslog

  1. In the Malwarebytes cloud console, select Settings > Syslog Logging.

  2. Select one 'always on' endpoint that resides within the local area network that has access to the Syslog Server.

  3. Select Add and enter the requested information to match the Syslog Server.

 

 

9. Network proxy

Use one of the following two methods to add a network proxy.

 

Add network proxy via command line option during installation

msiexec /quiet /i Setup.MBEndpointAgent.msi NEBULA_PROXY_SERVER=http://<IP> NEBULA_PROXY_PORT=<port> GROUP=<group_ID>

 

Use Malwarebytes Discovery and Deployment Tool

A Proxy Settings button is at the lower right corner of the login screen, needed when a proxy server is required to access the Internet. Click Proxy Settings to enter proxy specifications. No settings are enabled until Use Proxy is checked, and settings are ignored if Use Proxy is unchecked.

 

After installation, via command line on each endpoint

MBCloudEA.exe -proxy.server <IP> -proxy.port <port> -proxy.user <domain\user> -proxy.password <password>

 

 

