Malwarebytes Breach Remediation with Microsoft SCCM user guide

Document created by jgolomb on Aug 2, 2019. Last modified by jgolomb on Aug 20, 2019.
Version 4

Malwarebytes Breach Remediation with Microsoft SCCM integration allows SCCM administrators to deploy Malwarebytes Breach Remediation to endpoints, run scans and remove threats, and send reports back to an Active Directory server. The user guide describes how to:

  • Deploy Malwarebytes Breach Remediation to your Windows endpoints.
  • Initiate a scan on your Windows endpoints.
  • Run the MBBR Scan Reports script to collect logs to your network shared folder.

 

To install and configure Malwarebytes Breach Remediation with Microsoft SCCM, refer to Install and configure Malwarebytes Breach Remediation for Microsoft SCCM.

 

Run the Deploy MBBR script in SCCM

  1. In your SCCM console, go to Assets and Compliance > Devices or Device Collections > right-click on a device or collection of devices > click Run Script in the context menu.

  2. In the Run Script window, select the Deploy MBBR script from the list of available scripts.

  3. Click Next > Next > then once the Script Status Monitoring completes, click Close.
    Image of The Script Status and Monitoring window in Microsoft SCCM.

  4. To confirm Malwarebytes Breach Remediation deployment on the target endpoint, check to see that the source files appeared as expected on that device.
    Image of SCCM scripts file directory on Windows device.

Run the Execute MBBR script to scan and quarantine threats

  1. In your SCCM console, go to Assets and Compliance > Devices or Device Collections > right-click on a device or collection of devices > click Run Script in the context menu.

  2. On the Run Script window, select the Execute MBBR script from the list of available scripts. Click Next.

  3. On the Script Parameters window, in the FilePath field, enter the path where the source files were deployed on the clients, followed by the batch file name: mbbr_<scan action>_<type of scan>.bat
    • Scan action: can be scan or quarantine
    • Type of scan: can be hyper, threat, or full
      Image of Script Parameters window in Microsoft SCCM.

  4. Click Next > Next > Next > then once the Script Status Monitoring completes, click Close.

  5. To confirm the scan completed, check the target endpoint for the ScanSummary Notepad file, which displays the results.
    Image of the ScanSummary notepad file on a target endpoint after a deployed scan.
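
The FilePath value from step 3 can be checked before it is entered in the Run Script wizard. The following PowerShell function is an added example, not part of the Malwarebytes guide or its scripts: it accepts only the six batch file names the naming scheme allows and rejects any path that resolves outside the deployment folder. The function name, the $DeployRoot parameter and the C:\MBBR sample path are assumptions.

```powershell
# Added example: validate a FilePath value before using it with the Execute MBBR script.
# $DeployRoot is an assumed deployment folder; use the path from your own environment.
function Test-MbbrFilePath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $FilePath,
        [Parameter(Mandatory)] [string] $DeployRoot
    )

    # Normalize both paths so "..\" segments cannot point outside the deployment folder.
    $root = [System.IO.Path]::GetFullPath($DeployRoot).TrimEnd('\') + '\'
    $full = [System.IO.Path]::GetFullPath($FilePath)
    if (-not $full.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "FilePath '$FilePath' is outside the deployment folder '$DeployRoot'."
    }

    # Accept only mbbr_<scan action>_<type of scan>.bat with the values the guide lists.
    $leaf    = [System.IO.Path]::GetFileName($full)
    $pattern = '^mbbr_(?<action>scan|quarantine)_(?<type>hyper|threat|full)\.bat$'
    $m = [regex]::Match($leaf, $pattern, 'IgnoreCase')
    if (-not $m.Success) {
        throw "File name '$leaf' is not of the form mbbr_<scan action>_<type of scan>.bat."
    }

    [pscustomobject]@{
        FullPath   = $full
        ScanAction = $m.Groups['action'].Value.ToLowerInvariant()
        ScanType   = $m.Groups['type'].Value.ToLowerInvariant()
    }
}

# Constructed sample values; C:\MBBR is a placeholder, not a path from the guide.
$samples = @(
    'C:\MBBR\mbbr_scan_hyper.bat',                 # valid: scan action, hyper scan
    'C:\MBBR\mbbr_quarantine_full.bat',            # valid: quarantine action, full scan
    'C:\MBBR\mbbr_scan_quick.bat',                 # rejected: "quick" is not a listed scan type
    'C:\MBBR\..\Windows\Temp\mbbr_scan_full.bat'   # rejected: resolves outside C:\MBBR
)
foreach ($s in $samples) {
    try   { Test-MbbrFilePath -FilePath $s -DeployRoot 'C:\MBBR' | Format-List }
    catch { Write-Warning $_.Exception.Message }
}
```
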

Run the MBBR Scan Reports script to gather logs

The SCCM administrator can also collect scan logs to a preferred network shared folder. The MBBR Scan Reports script is required to collect this data.

 

  1. In your SCCM console, go to Assets and Compliance > Devices or Device Collections > right-click on a device or collection of devices > click Run Script in the context menu.

  2. On the Run Script window, select the MBBR Scan Reports script from the list of available scripts.
    Image of Run Scripts window in Microsoft SCCM.

  3. Click Next > Next > Next > then once the Script Status Monitoring completes, click Close.

  4. After the script execution completes, go to your network shared folder path to view the logs. Each log file name shows the target client name and the timestamp, as shown in the following screenshot.
    Image of Active Directory network shared folder containing the log files of Malwarebytes Breach Remediation scans.

  5. Open the Notepad file to view the full report details.
    Image of an opened mbbr log file in Notepad.
