Manage Malwarebytes Cloud Platform endpoints

Document created by bgoddard Employee on Sep 24, 2019Last modified by bgoddard Employee on Oct 7, 2019
Version 5Show Document
  • View in full screen mode

One of the primary features of Malwarebytes Cloud Platform is robust endpoint management through the Manage Endpoints screen. You can select one or more endpoints using filters and perform a variety of actions on this screen. For more information on working with endpoints, see Perform actions on endpoints in Malwarebytes Cloud Platform.


To access Manage Endpoints, go to Endpoints > Manage Endpoints


The Status column uses icons to identify endpoints needing attention. The table below shows the different endpoint statuses. On the Endpoint screen you can click an icon to view additional details or to take action on the endpoint.



The endpoint has not run a scan for a long time. Run a scan to check for threats.

A scan is pending on the endpoint.

A scan is currently running on the endpoint.

The endpoint has threats that were detected during a scan that need remediation.

Remediation of threats is pending on the endpoint.

The endpoint is currently being remediated.

The endpoint should be restarted to completely quarantine detected threats.

A restart command was issued and is still pending.

Suspicious activity was detected on the endpoint. Requires an Endpoint Protection and Response subscription.

The endpoint is currently isolated. Requires an Endpoint Protection and Response subscription.

Filter endpoints

The Malwarebytes Cloud Console uses filters to simplify management tasks across many endpoints. These filters and their options are at the top of the Endpoints list.


When a filter is applied, the filter icon changes color. A list of applied filters appears above the Endpoints list to show which filters are in use. Click a filter in the filter list to remove it or click Clear Filters to remove all of them.


The Endpoints filter allows a search by endpoint name. Click the Endpoints filter and enter an endpoint name to narrow the list of endpoints displayed. 


The Status filter allows a search by current endpoint statuses. Click the Status filter and choose a status to narrow the list of endpoints displayed. Endpoints may have one or more statuses at a time.

The status column uses icons to display the current status of an endpoint. See above for a description of each status icon.


The Operating System filter enables a search by Operating Systems on deployed endpoints. Choose an Operating System from the filter list to narrow the endpoints displayed.


The Group filter enables a search by endpoint groups. Click an assigned group name to filter on that group. If you have many groups, you may enter a group name in the filter box to narrow your search. 


Groups may be nested within other groups. When navigating a nested group, click Home or Back to return to the previous list.


Groups with folder icons have been imported from Active Directory.


The Policy filter enables searching by policy name. Click the Policy filter and enter a policy name to narrow your search.


The Last Seen filter enables you to select endpoints based on their last check-in with the Cloud Console. Times shown are based upon your current web browser's time zone.


The Drop-down filter on the top right of the Endpoints screen enables additional filtering across all displayed endpoints.

The following items can be filtered in the drop-down:

  • Domain Name - Full or partial domain names.
  • IP Address/CIDR - Full or partial IP addresses, or CIDR notation for a range of IPs.
  • MAC Address - Full or partial MAC addresses.
  • OS Type - Includes Workstation or Server options.


Endpoint Properties

From the Manage Endpoints screen, click an endpoint name to view Endpoint Properties. Endpoint Properties  provides additional details for each of your endpoints.


The following Endpoint Properties tabs are populated during endpoint software installation. These tabs are updated when there is a software update on the endpoint:

  • Overview - Displays the endpoint name, engine version, host and agent information, Operating System, Network Interfaces, Memory information, and Storage device information.
  • Software - Displays the software installed on the endpoint.
  • Updates - Displays the latest software updates on the endpoint.
  • Startup Programs - Displays startup programs on the endpoints.


The other tabs are populated and updated as events occur:

  • Detections - Displays all Malwarebytes detections. Selectable by type and actions taken.
  • Remediation Required - Displays detections that still require remediation.
  • Suspicious Activity - Displays Suspicious Activity found. Requires an Endpoint Protection and Response subscription.
  • Quarantine - Displays files up to 30 days old that are quarantined for your protection and isolated from the endpoint operating system. 
  • Events - Displays logged activities on the endpoint and their severity.
  • Tasks - Displays requested or completed operations on the endpoint and their status.
  • Scan History - Displays scan records up to 30 days old, their Total Detections, Type, and Origin.


All dates and times shown on these tabs are relative to your web browser settings. You may select individual items on these tabs to see more details. 


You may manually refresh assets using Actions > Refresh Assets, or schedule an Asset Inventory Scan to force a refresh of endpoint information at a specified time. Scheduled asset refreshes can be useful if you require frequent Endpoint Properties updates.


The following information is gathered from each endpoint during an Asset Inventory Scan or Asset Refresh:

  • Overview tab / Memory Objects - Physical and virtual memory of the endpoints. 
  • Overview tab / Storage Devices - Connected storage, USB storage, and other devices.
  • Software tab - Software installed on the endpoint.
  • Updates tab - Software updates that occurred on the endpoint.
  • Startup Programs tab - Registry entries for installed startup programs on the endpoint.