Manage endpoints in Malwarebytes Cloud Platform

Document created by bgoddard (Employee) on Sep 24, 2019. Last modified by bgoddard (Employee) on Dec 3, 2019.
Version 11

The Malwarebytes Cloud Platform offers detailed endpoint management through the Endpoints screen. You can select one or more endpoints and perform a variety of actions. For more on working with endpoints, see Perform actions on endpoints in Malwarebytes Cloud Platform.

 

Go to Endpoints to access your endpoints. 

 

The Status column uses icons to show endpoints needing attention. The table below lists the different endpoint statuses. On the Endpoints screen you can click an icon to view additional details or to act on the endpoint.

 

Icon | Status

This endpoint hasn’t had a scan in some time. Hover over the icon to see how long it has been since the last scan. Run a scan to keep the endpoint free from threats.

A scan is pending on the endpoint.

A scan is currently running on the endpoint.

The endpoint has threats that were detected during a scan that need remediation.

Remediation of threats is pending on the endpoint.

The endpoint is being remediated.

The endpoint needs a reboot to quarantine detected threats.

A reboot command is still pending.

Suspicious activity was found on the endpoint. Requires an Endpoint Protection and Response subscription.

The endpoint is isolated. Requires an Endpoint Protection and Response subscription.


Filter endpoints

The Malwarebytes Cloud Console uses filters to simplify management tasks across many endpoints. These filters and their options are at the top of the Endpoints list.

 

When a filter is in use, the filter icon changes color. A list of applied filters appears above the Endpoints list to show which filters are in use. Click a filter in the list to remove it or Clear Filters to remove them all.

 

The Endpoints filter allows a search by endpoint name. Click the Endpoints filter and enter an endpoint name to narrow the endpoints displayed. 

 

The Status filter allows a search by current endpoint statuses. Click the Status filter and choose a status to narrow the endpoints displayed. Endpoints may have more than one status at a time.


The Status column uses icons to display endpoint information. See above for a description of each icon.

 

The Operating System filter enables a search by Operating Systems on deployed endpoints. Choose an Operating System from the filter list to narrow the endpoints displayed.

 

The Group filter enables a search by endpoint groups. Click an assigned group name to filter on that group. If you have many groups, you may enter a group name in the filter box to narrow your search. 

 

Groups can be nested within other groups. When navigating a nested group, click Home or Back to return to the earlier list.

 

Groups with folder icons are imported from Active Directory.

 

The Policy filter enables searching by policy name. Click the Policy filter and enter a policy name to narrow your search.

 

The Last Seen filter lists endpoints based on when they last checked in. Times shown are based on your browser time zone.

 

The drop-down filter on the top right of the Endpoints screen enables additional endpoint filtering.


The following items are available in the drop-down filter:

  • Domain Name - Full or partial domain names.
  • IP Address/CIDR - Full or partial IP addresses, or CIDR notation for a range of IPs.
  • MAC Address - Full or partial MAC addresses.
  • OS Type - Includes Workstation or Server options.
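
The sketch below is an added example, not Malwarebytes code. It applies the four drop-down criteria to a constructed inventory to show why a CIDR range is more precise than a partial IP address when scoping endpoints. The field names, the substring matching for partial values, and the ANDing of criteria are assumptions, not documented product behavior.

```python
import ipaddress

# Constructed inventory rows; field names are hypothetical, not a Malwarebytes export format.
ENDPOINTS = [
    {"name": "ws-014", "domain": "corp.example.com", "ip": "10.1.2.15",
     "mac": "00:1A:2B:3C:4D:5E", "os_type": "Workstation"},
    {"name": "ws-220", "domain": "corp.example.com", "ip": "10.1.20.7",
     "mac": "00-1a-2b-99-00-01", "os_type": "Workstation"},
    {"name": "srv-db1", "domain": "dc.example.com", "ip": "210.1.2.9",
     "mac": "3C:52:82:AA:BB:CC", "os_type": "Server"},
    {"name": "srv-web", "domain": "dmz.example.net", "ip": "10.1.2.200",
     "mac": "3c5282ddeeff", "os_type": "Server"},
]

def _hex(mac):
    """Strip separators and case so differently written MAC addresses compare equal."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def match_ip(value, ip):
    """CIDR input is tested by network membership; anything else is a text match."""
    if "/" in value:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(value, strict=False)
    return value in ip  # assumed substring semantics for partial addresses

def filter_endpoints(rows, domain=None, ip=None, mac=None, os_type=None):
    """Return names of rows matching every supplied criterion (assumed to be ANDed)."""
    out = []
    for r in rows:
        if domain and domain.lower() not in r["domain"].lower():
            continue
        if ip and not match_ip(ip, r["ip"]):
            continue
        if mac and _hex(mac) not in _hex(r["mac"]):
            continue
        if os_type and os_type != r["os_type"]:
            continue
        out.append(r["name"])
    return out

if __name__ == "__main__":
    print(filter_endpoints(ENDPOINTS, ip="10.1.2"))       # partial text over-matches
    print(filter_endpoints(ENDPOINTS, ip="10.1.2.0/24"))  # CIDR matches only the subnet
    print(filter_endpoints(ENDPOINTS, mac="00:1a:2b"))
    print(filter_endpoints(ENDPOINTS, domain="example.com", os_type="Server"))
```

Under these assumptions the partial value 10.1.2 also matches 10.1.20.7 and 210.1.2.9, so use CIDR notation when an action must be limited to a single subnet.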

 

Endpoint Properties

From the Endpoints screen, click an endpoint name to view Endpoint Properties. Endpoint Properties provides additional details for each of your endpoints.

 

The following Endpoint Properties tabs are populated during endpoint software installation. These tabs update when there is a software update on the endpoint:

  • Overview - Displays the endpoint name, engine version, host and agent information, Operating System, Network Interfaces, Memory information, and Storage device information.
  • Software - Displays the software installed on the endpoint.
  • Updates - Displays the latest software updates on the endpoint.
  • Startup Programs - Displays startup programs on the endpoints.

 

The other tabs are populated and updated as events occur:

  • Detections - Displays all Malwarebytes detections. Selectable by type and actions taken.
  • Remediation Required - Displays detections that need remediation.
  • Suspicious Activity - Displays Suspicious Activity found. Requires an Endpoint Protection and Response subscription.
  • Quarantine - Displays quarantined files up to 30 days old. Quarantined files are isolated from the endpoint operating system. 
  • Events - Displays logged activities on the endpoint and their severity.
  • Tasks - Displays requested or completed operations on the endpoint and their status.
  • Scan History - Displays scan records up to 30 days old, their Total Detections, Type, and Origin.

 

All dates and times shown are relative to your browser settings. You may select individual items on these tabs to see more details. 

 

You may refresh assets using Actions > Refresh Assets, or schedule an Asset Inventory Scan to force a refresh at a specified time. Scheduled asset refreshes can be useful if you need frequent Endpoint Properties updates.

 

An Asset Inventory Scan or Asset Refresh gets the following information from your endpoints:

  • Overview tab / Memory Objects - Physical and virtual memory of the endpoints. 
  • Overview tab / Storage Devices - Connected storage, USB storage, and other devices.
  • Software tab - Software installed on the endpoint.
  • Updates tab - Software updates that occurred on the endpoint.
  • Startup Programs tab - Registry entries for installed startup programs on the endpoint.

 
