Malwarebytes Endpoint Security and Malwarebytes Endpoint Protection feature comparison checklist

Document created by jgolomb Employee on Jan 24, 2019Last modified by jgolomb Employee on Jan 30, 2019
Version 7Show Document
  • View in full screen mode

Below are comparison tables for Policy and Admin features found in Malwarebytes Endpoint Security and Malwarebytes Endpoint Protection. Use these supplemental checklists to compare what features are offered in the Malwarebytes Endpoint Security on-premises Management Console, and what the equivalent feature is in the Malwarebytes Endpoint Protection cloud-based console, if applicable.

 

This article acts as a companion document with Malwarebytes Endpoint Security to Malwarebytes Endpoint Protection migration best practices. Organizations planning to migrate their managed endpoints from our on-premises solution to our cloud-managed solution may find this feature comparison useful during transition.

 

Policy feature comparison

The following tables highlight features/tabs found in the Malwarebytes Endpoint Security Policy pane. The Malwarebytes Endpoint Protection column shows if an equivalent feature exists, and its location in the cloud console.

 

General

Malwarebytes Endpoint Security Policy settingMalwarebytes Endpoint Protection Policy setting equivalent
Terminate Internet Explorer during threat removalNot available in Malwarebytes Endpoint Protection
Anonymously report usage statisticsNot available in Malwarebytes Endpoint Protection
Create right click context menuPolicy > Endpoint Interface Options > Context Menu Scans
Automatically save log file after scan completesMalwarebytes Endpoint Protection can generate a logfile anytime, but contains more than detections and quarantines. Right-click the Malwarebytes icon while holding the Ctrl key or via CLI Windows command line C:\Program Files\Malwarebytes Endpoint Agent\MBCloudEA.exe -diag
Open log file immediately after savingNot available in Malwarebytes Endpoint Protection
Warn if database is outdated byNot available in Malwarebytes Endpoint Protection
LanguageNot available in Malwarebytes Endpoint Protection
Start Up Type (Automatic, Manual, Disabled, Automatic (Delayed Start)

Automatic = normal operation in Malwarebytes Endpoint Protection

Manual = not available in Malwarebytes Endpoint Protection

Disabled = Not available. Endpoint agent always starts on the endpoint unless uninstalled. Can move endpoint to group that doesn't have any scheduled scans and turn off all 4 layers of protection in Policy > Windows > Settings > Real-Time Protection

Automatic (Delayed Start) = Policy > Windows > Settings > Startup options > Delayed Real-Time Protection

Enable Service Recovery OptionsNot available in Malwarebytes Endpoint Protection

 

Protection

Malwarebytes Endpoint Security Policy settingMalwarebytes Endpoint Protection Policy setting equivalent
Enable Protection ModuleWindows > Settings > Malware Protection On
Start file execution blocking when protection module startsWindows > Settings > Malware Protection On
Start malicious website blocking when protection module starts

Start Malicious Website Blocking = Windows > Settings > Web Protection On

Malwarebytes Endpoint Protection: Unlike Malwarebytes Endpoint Security, Website Blocking cannot be enabled/disabled by the end user, it must be done in the Malwarebytes cloud console by an Admin User

Show tooltip balloon when malicious website is blockedEndpoint Interface Options > Real-time Notifications On
Advanced Settings
      Silent mode

Show Icon in Notification Area Off, but no option to still allow for right-click context menu on Windows endpoints.

Malwarebytes Endpoint Security: In Silent mode, the only indication that the managed client is present on their machine is the right-click context menu.

      Limited user mode

Show Icon in Notification Area On, User Threat Scan On

Malwarebytes Endpoint Security: The managed client is visible as an icon in the system tray, but only with options to start a scan or to check for updates.

Malwarebytes Endpoint Protection: No option to check for updates (manually checking for updates is only available within the cloud console), has option to show icon but not allow on demand threat scan.

      Auto quarantineNo corresponding Malwarebytes Endpoint Protection setting. During an on-demand scan, threats are automatically quarantined.
      AQ Tool Tip when file system threat is blockedNo corresponding Malwarebytes Endpoint Protection setting. Real-time Notifications On may show a tool tip when a manual scan is initiated. End-User Initiated scans will always show scan status window.
      Disable website blocking

Windows > Settings > Malware Protection Off

Disable the feature completely, checking this box prevents website blocking from being started via the end-user interface.

      startup delayWindows > Settings > Startup Options > Delay Real-Time Protection On (then select the number of seconds to delay)

 

Scanner

Malwarebytes Endpoint Security Policy settingMalwarebytes Endpoint Protection Policy setting equivalent
Scan memory objectsDefault behavior of Threat Scan.
Scan startup objectsDefault behavior of Threat Scan.
Scan registry objectsDefault behavior of Threat Scan.
Scan file system objectsNot available in on-demand scan, only scheduled scan.
Scan additional items against heuristicsDefault behavior of Threat Scan.
Enable scanning inside archivesWindows or Mac > Settings > Scan Options > Scan within Archives = On
Enable advanced heuristics engineer (Heuristics.Shuriken)Windows or Mac > Settings > Scan Options > Anomalous File Detection = On
Action for potentially unwanted programs (PUP)

Windows or Mac > Settings > Scan Options > Select how to treat PUP detection

Malwarebytes Endpoint Security allows for 3 settings, Malwarebytes Endpoint Protection only allows 2 settings:

Do not show in results list = Ignore Detections

show in results list and check for removal = Treat Detections as Malware

show in results list and do not check for removal = Not available in Malwarebytes Endpoint Protection

Action for potentially unwanted registry modifications (PUM)

Windows or Mac > Settings > Scan Options > Select how to treat PUM detection

Malwarebytes Endpoint Security allows for 3 settings, Malwarebytes Endpoint Protection only allows 2 settings:

Do not show in results list = Ignore Detections

show in results list and check for removal = Treat Detections as Malware

show in results list and do not check for removal = not available in Malwarebytes Endpoint Protection

Action for peer-to-peer software (P2P)Not available in Malwarebytes Endpoint Protection

 

Scheduler (Settings for each scan)

Malwarebytes Endpoint Security Policy settingMalwarebytes Endpoint Protection Policy setting equivalent
Type (Scan)Malwarebytes Endpoint Protection Options: Scan, Asset Refresh
Frequency (Hourly, Daily, Weekly, Monthly, Once, On reboot)Malwarebytes Endpoint Protection Options: Hourly, Daily, Weekly
Recover if missed by: (0-23 hours)Not available in Malwarebytes Endpoint Protection
Starting on: (date)Settings > Schedules > Scan Schedule
repeating every (1-48 hours, 1-30 days, 1-8 Weeks)Hours 1-23, Daily 1, Weekly 1
Type (Quick scan, Full scan, Flash scan)Malwarebytes Endpoint Protection options: Threat Scan, Custom Scan, Hyper Scan
Wake computer from sleep to perform taskNot available in Malwarebytes Endpoint Protection
Remove and quarantine all threats automaticallySettings > Schedules > Scan Type > Quarantine threats automatically
Perform scheduled scan silently from system accountDefault behavior for Malwarebytes Endpoint Protection, cannot be changed
Save log file regardless of user settingsDefault behavior for Malwarebytes Endpoint Protection, cannot be changed
Terminate program when scan completes successfullyNot available in Malwarebytes Endpoint Protection
Restart the computer if required for threat removalSettings > Policies > General > Reboot Options > Enable Restart On - can also specify postpone and time - This policy setting applies to all scheduled and on demand scans for endpoints that are part of a group using this policy.

 

Malwarebytes Anti-Malware Exclusions

Malwarebytes Endpoint Security Policy settingMalwarebytes Endpoint Protection Policy setting equivalent
List of exclusions for files, directories, registry keys, IP Addresses separated by new lineEach entry (Drive, Folder/File, File Extension, MD5 Hash, Registry key, Website/IP address or exclude an application from Web Monitoring) is entered via web based dialog or in bulk via Excel Add-In, and can apply exclusions to one or more Protection areas (Exploit, Ransomware, malware, website or Suspicious Activity)

 

Updater

Malwarebytes Endpoint Security Policy settingMalwarebytes Endpoint Protection Policy setting equivalent

Download Signature updates from the Internet every __ hour(s)

 

Download Signature updates from a custom path every __ hour(s)

Not available in Malwarebytes Endpoint Protection
Path

Download signature updates from Management Server

 

Download Signature from alternative source every __ hour(s) if Management server is not accessible for __ hour(s)

 

Download from custom path:

 

Download from the Internet if signature update from custom path fails.

Not available in Malwarebytes Endpoint Protection
Proxy SettingSet during initial installation of endpoint agent or via CLI.

 

Communication

Malwarebytes Endpoint Security Policy settingMalwarebytes Endpoint Protection Policy setting equivalent
Communication automatically check policy update (every 5 seconds or 1-9999 minutes)All policy communication is done automatically as needed (policy changes, endpoint moved from one policy/group to another)
Proxy (Do not use, Use Windows Proxy setting)Uses the system wide proxy setting set at initial install or via CLI.

 

Anti-Exploit

Malwarebytes Endpoint Security Policy settingMalwarebytes Endpoint Protection Policy setting equivalent
Enable Anti-Exploit ProtectionWindows > Settings > Exploit Protection On
Automatically upgrade Anti-Exploit on ClientsEndpoint Agent is automatically updated, no option to change in Malwarebytes Endpoint Protection.
Do not show alert popup upon exploit detectionEndpoint Interface Options > Real-time Notifications On
Show protection events in Anti-Exploit clientsEndpoint Interface Options > Real-time Notifications On
Do not show Anti-Exploit traybar icon and program interfacePolicy > Endpoint Interface Options > Show Icon in Notification Area = On/Off
Show Anti-Exploit balloon notifications on clientsPolicy > Endpoint Interface Options > Real-time notifications = On/Off
Anti-Exploit shielded applicationsPolicy > Windows > Settings > Real-Time Protection > Exploit Protection = On/Manage Protected Applications
AdvancedPolicy > Windows > Settings > Real-Time Protection > Exploit Protection = On/Advanced Settings

 

Anti-Exploit Exclusions

Malwarebytes Endpoint Security Policy settingMalwarebytes Endpoint Protection Policy setting equivalent
List of exclusions in MD5 signature format and an optional filenameList of exclusions for files, directories, registry keys, IP Addresses separated by new line. Each entry (Drive, Folder/File, File Extension, MD5 Hash, Registry key, Website/IP address or exclude an application from Web Monitoring) is entered via web based dialog or in bulk via Excel Add-In, can apply exclusions to one of more Protection areas (Exploit, Ransomware, malware, website or Suspicious Activity)

 

Anti-Ransomware

Malwarebytes Endpoint Security Policy settingMalwarebytes Endpoint Protection Policy setting equivalent
Enable Anti-Ransomware ProtectionWindows > Settings > Behavior Protection On
Exclusion ListList of exclusions for files, directories, registry keys, IP Addresses separated by new line. Each entry (Drive, Folder/File, File Extension, MD5 Hash, Registry key, Website/IP address or exclude an application from Web Monitoring) is entered via web based dialog or in bulk via Excel Add-In, can apply exclusions to one of more Protection areas (Exploit, Ransomware, malware, website or Suspicious Activity)

 

 

Admin feature comparison

The following tables highlight features/tabs found in the Malwarebytes Endpoint Security Admin pane. The Malwarebytes Endpoint Protection column shows if an equivalent feature exists, and its location in the cloud console.

 

Overview

Malwarebytes Endpoint Security Admin settingMalwarebytes Endpoint Protection Admin setting equivalent
License for Anti-MalwareMalwarebytes Endpoint Protection has single license for all features - User Name > Profile > License Information
License for Anti-ExploitMalwarebytes Endpoint Protection has single license for all features - User Name > Profile > License Information
License for Anti-RansomwareMalwarebytes Endpoint Protection has single license for all features - User Name > Profile > License Information
Set Address SettingsNo need to set server address

 

Database Settings

Malwarebytes Endpoint Security Admin settingMalwarebytes Endpoint Protection Admin setting equivalent
SQL, cleanup SettingsNot applicable

 

Signature

Malwarebytes Endpoint Security Admin settingMalwarebytes Endpoint Protection Admin setting equivalent
Current Signature - shown for management serverShown per endpoint agent - Endpoints > Manage Endpoints > select Endpoint > Overview > Agent Information
Update Frequency - Default every 10 minutesPer Policy - Settings > Policies > Policy Name > General > Protection Updates > Update Frequency - Default check is every hour

 

Administrators

Malwarebytes Endpoint Security Admin settingMalwarebytes Endpoint Protection Admin setting equivalent
Add New UserSettings > Users > New
Remove UsersSettings > Users > Delete
Import Domain UserNot available in Malwarebytes Endpoint Protection
Synchronize UserNot available in Malwarebytes Endpoint Protection
List of UsersSettings > Users
Add New User
Username, Full Name, Password, Role, Email, PhoneEmail Address, User Role, Group Access
Role
AdministratorSuper Admin
User (Permission Settings, Client, Client Group, Policy Report, Admin, Push Install, System Setting)Administrator - Access to everything within the cloud console except for editing global settings and can be restricted to certain endpoint groups. Read Only - View everything, but no changes, can be restricted to certain endpoint groups.

Attachments

    Outcomes