One of the primary features of Malwarebytes Cloud Platform is robust endpoint management through the Manage Endpoints screen. You can select one or more endpoints using filters and perform a variety of actions on this screen. For more information on working with endpoints, see Perform actions on endpoints in Malwarebytes Cloud Platform.
To access Manage Endpoints, go to Endpoints > Manage Endpoints.
The Status column uses icons to identify endpoints needing attention. The table below shows the different endpoint statuses. On the Endpoint screen you can click an icon to view additional details or to take action on the endpoint.
The Malwarebytes Cloud Console uses filters to simplify management tasks across many endpoints. These filters and their options are at the top of the Endpoints list.
When a filter is applied, the filter icon changes color. A list of applied filters appears above the Endpoints list to show which filters are in use. Click a filter in the filter list to remove it or click Clear Filters to remove all of them.
The Endpoints filter allows a search by endpoint name. Click the Endpoints filter and enter an endpoint name to narrow the list of endpoints displayed.
The Status filter allows a search by current endpoint statuses. Click the Status filter and choose a status to narrow the list of endpoints displayed. Endpoints may have one or more statuses at a time.
The Operating System filter enables a search by Operating Systems on deployed endpoints. Choose an Operating System from the filter list to narrow the endpoints displayed.
The Group filter enables a search by endpoint groups. Click an assigned group name to filter on that group. If you have many groups, you may enter a group name in the filter box to narrow your search.
Groups may be nested within other groups. When navigating a nested group, click Home or Back to return to the previous list.
Groups with folder icons have been imported from Active Directory.
The Policy filter enables searching by policy name. Click the Policy filter and enter a policy name to narrow your search.
The Last Seen filter enables you to select endpoints based on their last check-in with the Cloud Console. Times shown are based upon your current web browser's time zone.
The Drop-down filter on the top right of the Endpoints screen enables additional filtering across all displayed endpoints.
The following items can be filtered in the drop-down:
- Domain Name - Full or partial domain names.
- IP Address/CIDR - Full or partial IP addresses, or CIDR notation for a range of IPs.
- MAC Address - Full or partial MAC addresses.
- OS Type - Includes Workstation or Server options.
From the Manage Endpoints screen, click an endpoint name to view Endpoint Properties. Endpoint Properties provides additional details for each of your endpoints.
The following Endpoint Properties tabs are populated during endpoint software installation. These tabs are updated when there is a software update on the endpoint:
- Overview - Displays the endpoint name, engine version, host and agent information, Operating System, Network Interfaces, Memory information, and Storage device information.
- Software - Displays the software installed on the endpoint.
- Updates - Displays the latest software updates on the endpoint.
- Startup Programs - Displays startup programs on the endpoints.
The other tabs are populated and updated as events occur:
- Detections - Displays all Malwarebytes detections. Selectable by type and actions taken.
- Remediation Required - Displays detections that still require remediation.
- Suspicious Activity - Displays Suspicious Activity found. Requires an Endpoint Protection and Response subscription.
- Quarantine - Displays files up to 30 days old that are quarantined for your protection and isolated from the endpoint operating system.
- Events - Displays logged activities on the endpoint and their severity.
- Tasks - Displays requested or completed operations on the endpoint and their status.
- Scan History - Displays scan records up to 30 days old, their Total Detections, Type, and Origin.
All dates and times shown on these tabs are relative to your web browser settings. You may select individual items on these tabs to see more details.
You may manually refresh assets using Actions > Refresh Assets, or schedule an Asset Inventory Scan to force a refresh of endpoint information at a specified time. Scheduled asset refreshes can be useful if you require frequent Endpoint Properties updates.
The following information is gathered from each endpoint during an Asset Inventory Scan or Asset Refresh:
- Overview tab / Memory Objects - Physical and virtual memory of the endpoints.
- Overview tab / Storage Devices - Connected storage, USB storage, and other devices.
- Software tab - Software installed on the endpoint.
- Updates tab - Software updates that occurred on the endpoint.
- Startup Programs tab - Registry entries for installed startup programs on the endpoint.