Install and configure Malwarebytes Breach Remediation for Microsoft SCCM

Document created by jgolomb (Employee) on Aug 1, 2019. Last modified by jgolomb (Employee) on Aug 20, 2019.
Version 7

Malwarebytes Breach Remediation (MBBR) integrates with System Center Configuration Manager (SCCM) to allow administrators to manage scans on endpoints, remove threats, and generate reports. This article describes requirements and configurations for the integration.

 

Windows environment requirements

 

Malwarebytes requirements

  • You must have an active Malwarebytes Endpoint Protection, Malwarebytes Endpoint Protection & Response, or Malwarebytes Incident Response subscription.
  • Have your subscription license key available.
  • If using a Syslog Server, have your Syslog Server IP and Syslog Server Port available.

 

SCCM - Malwarebytes Breach Remediation installation

  1. Download the Malwarebytes Breach Remediation for SCCM file here.

  2. Unzip the SCCM_MBBR_ALL.zip package. This contains two folders: SCCM_MBBR and SCCM_MBBR(Syslog).
    Image of SCCM MBBR ALL file directory.

  3. The SCCM_MBBR folder is intended for customers using a non-syslog environment, and the SCCM_MBBR(Syslog) folder is intended for customers using a Syslog Server.
    1. If using a non-syslog environment:
      1. Open the SCCM_MBBR folder.
      2. Open Install_License.ps1 with Windows PowerShell.
      3. Enter your Malwarebytes Cloud license key and press Enter. This propagates the license key to the other batch files.
        Image of Install_License.ps1 file opened in Windows PowerShell.

    2. If using a Syslog Server:
      1. Open the SCCM_MBBR(Syslog) folder.
      2. Open Install_License.ps1 with Windows PowerShell.
      3. Enter your Malwarebytes Cloud license key and press Enter.
      4. Enter your Syslog Server IP and press Enter.
      5. Enter your Syslog Server port and press Enter. This propagates the license key, Syslog Server IP, and Syslog Server port to the other batch files.
        Image of Install_License.ps1 file opened in Windows PowerShell.

  4. On your Active Directory or SCCM Server, create a network shared folder and copy either the SCCM_MBBR or SCCM_MBBR(Syslog) files into it.
    Image of the SCCM batch files on Windows.

  5. On your Active Directory or SCCM Server, create a network shared folder to collect all of the Malwarebytes Breach Remediation log files. Ensure the network shared folders are accessible by all of your SCCM clients.
    Image of Active Directory Server Manager and MBBR logs file path.

  6. Copy the SCCM_Scripts folder to any location in your SCCM Server.
    Image of SCCM console and the SCCM scripts file path.
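
Steps 4 and 5 can be scripted as follows; this is an added example, not part of the Malwarebytes package. It narrows the shares so that clients can only read the package share (its batch files hold the license key once Install_License.ps1 has run) and can write only to the log share. The domain name, local paths, share names and the use of the Domain Computers and Domain Admins groups are assumptions.

```powershell
# Added example: names, paths and groups below are assumptions, not values from the MBBR package.
$Domain      = 'CONTOSO'                          # assumed NetBIOS domain name
$Clients     = "$Domain\Domain Computers"         # assumption: clients reach the share as their computer account
$Admins      = "$Domain\Domain Admins"
$PackageSrc  = 'C:\Temp\SCCM_MBBR_ALL\SCCM_MBBR'  # unzipped folder, already processed by Install_License.ps1
$PackagePath = 'D:\Shares\SCCM_MBBR'              # step 4: package share (holds the license key)
$LogPath     = 'D:\Shares\MBBR_Logs'              # step 5: log collection share

function New-RestrictedShare {
    param(
        [string]$Name,
        [string]$Path,
        [ValidateSet('Read', 'Change')][string]$ClientAccess
    )
    New-Item -ItemType Directory -Path $Path -Force | Out-Null

    # NTFS: drop inherited ACEs, then grant only what each principal needs.
    $ntfs = if ($ClientAccess -eq 'Read') { 'RX' } else { 'M' }
    icacls $Path /inheritance:r `
        /grant "${Admins}:(OI)(CI)F" 'SYSTEM:(OI)(CI)F' "${Clients}:(OI)(CI)$ntfs" | Out-Null

    # Share ACL: same split, so neither layer is wider than the other.
    $share = @{ Name = $Name; Path = $Path; FullAccess = $Admins }
    $share["${ClientAccess}Access"] = $Clients
    New-SmbShare @share | Out-Null

    # Make sure no blanket Everyone entry remains on the share.
    Revoke-SmbShareAccess -Name $Name -AccountName 'Everyone' -Force `
        -ErrorAction SilentlyContinue | Out-Null
}

# Package share: read-only for clients, so an endpoint cannot alter the batch
# files that are later deployed to every other endpoint.
New-RestrictedShare -Name 'SCCM_MBBR' -Path $PackagePath -ClientAccess Read
Copy-Item -Path (Join-Path $PackageSrc '*') -Destination $PackagePath -Recurse

# Log share: clients need write access to deliver their scan logs.
New-RestrictedShare -Name 'MBBR_Logs' -Path $LogPath -ClientAccess Change

# Review the result: clients must never hold Change or Full on the package share.
Get-SmbShareAccess -Name 'SCCM_MBBR', 'MBBR_Logs' |
    Format-Table Name, AccountName, AccessControlType, AccessRight
```

Run it in an elevated PowerShell session on the server that hosts the shares, after Install_License.ps1 has been run against the source folder.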

Integrate and approve scripts in SCCM

You can now import the SCCM scripts into the SCCM console. The SCCM administrator must then approve each one before use. There are three scripts in total:

  • Deploy MBBR: The script to deploy Malwarebytes Breach Remediation to an endpoint.
  • Execute MBBR: The script to run scans and remediation with Malwarebytes Breach Remediation on target endpoints.
  • MBBR Scan Reports: The script to generate log files from target endpoints.

 

Configure the Deploy MBBR script

  1. On the SCCM Server Machine, click the Windows icon > Configuration Manager Console.
    Image of Windows administrator desktop highlighting the Configuration Manager Console menu.

  2. In the Configuration Manager Console, go to Assets and Compliance > Devices to ensure you've installed the SCCM client agent on your endpoints. If installed properly, you see a green check mark under the Icon column, and the word "Active" under the Client Activity column.
    Image of SCCM console and devices showing Client Activity as Active.

  3. Go to Software Library > Scripts.

  4. Click Create Script.

  5. In the Create Script window, click Import > select Deploy MBBR.ps1 and click Open.
    Image of SCCM console and Create Script window.

  6. On the Script Details screen, in the Script name field, enter Deploy MBBR > click Next to continue.

  7. In the Script Parameters window, enter the following details:
    1. In the FolderName field, enter the folder path you want to create on your client machines.
    2. In the SharePath field, enter the network shared folder path where you have stored SCCM_MBBR files.
      Image of Script Parameters screen in the Create Script setup wizard in SCCM.

  8. Click Next > Next. On the Completion screen, click Close.

  9. The administrator must now approve the script. On the Scripts screen, right-click Deploy MBBR > Approve/Deny from the context menu.
    Image of Approve/Deny button in the context menu for the Scripts screen of SCCM.

  10. In the Approve or Deny Script window, click Next > Next > Next. On the Completion screen, click Close.

Configure the Execute MBBR script

  1. Click Create Script. In the Create Script window, click Import > select Execute MBBR.ps1 and click Open.
    Image of import scripts screen in the SCCM console.

  2. On the Script Details screen, in the Script name field, enter Execute MBBR > click Next to continue.

  3. On the Script Parameters screen, leave the FilePath field empty for now. You will fill in this field later when you run the script. Click Next > Next > Close.
    Image of Script Parameters screen in the Create Script setup wizard in SCCM.

  4. The administrator must approve the script. On the Scripts screen, right-click Execute MBBR > Approve/Deny from the context menu.
    Image of Scripts screen in SCCM console.

  5. In the Approve or Deny Script window, click Next > Next > Next. On the Completion screen, click Close.

Configure the MBBR Scan Reports

  1. To import the MBBR Scan Reports script, open the script in Notepad. Highlight and copy all of the contents.

  2. On the SCCM Scripts page, click Create Script.

  3. In the Script Details window, in the Script field, paste the contents of the MBBR Scan Reports script.
    Image of the Create Script window in Microsoft SCCM console.

  4. Edit the first two lines of the script:
    1. For line one, assign the endpoint log file location.
    2. For line two, assign the network share location to collect the log files.
      Image of the Script Details window in Microsoft SCCM console.

  5. Click Next > Next. On the Completion screen, click Close.

  6. The administrator must approve the script. On the Scripts screen, right-click MBBR Scan Reports > Approve/Deny from the context menu.
    Image of Scripts screen in SCCM console.

  7. In the Approve or Deny Script window, click Next > Next > Next. On the Completion screen, click Close.

 

For information on running the Malwarebytes Breach Remediation for SCCM scripts, see Malwarebytes Breach Remediation with Microsoft SCCM user guide.
