Dashboard, detections, and quarantined items in Malwarebytes Cloud Platform

Document created by bgoddard (Employee) on Oct 30, 2019. Last modified by bgoddard (Employee) on Nov 13, 2019.
Version 7

One of the primary functions of Malwarebytes Cloud Platform is to keep you informed of malware-related activities on your endpoints. This article provides an overview of the Dashboard, Detections, and Quarantine screens. These screens provide information to help you understand what is happening in your environment.

 

Dashboard

The Dashboard provides a high-level view of malware-related activities on your network. It presents a summarized view of the information displayed in more detail on other Malwarebytes screens.

 

The Dashboard view includes:

  • Total managed endpoints, a list of statuses with total endpoints in each status, and the number of endpoints that haven’t been seen for over 7 days.
  • Threats cleaned during the past 72 hours, broken down by Malware, Potentially Unwanted Programs, Potentially Unwanted Modifications, Ransomware, Exploits, and Websites.
  • Tasks issued by the console over the past 24 hours, broken down by status: success, failure or pending.
  • Threats detected during the past 90 days, broken down by Malware, Potentially Unwanted Programs, Potentially Unwanted Modifications, Ransomware, Exploits, and Websites.
  • A bar graph showing Malware, Potentially Unwanted Programs, Potentially Unwanted Modifications, Ransomware, and Exploits by day, over the past 30 days.
  • Number of suspicious activities detected in the last 24 hours, categorized by severity.
  • List of Top 10 endpoints with the most detections over the past 90 days.
  • List of Top 10 suspicious activities detected in the last 24 hours.
  • List of Top 10 malware detections over the past 90 days.
  • List of Top 10 Potentially Unwanted Programs over the past 90 days.
  • List of Top 10 Potentially Unwanted Modifications over the past 90 days.
  • List of Top 10 malicious/suspicious websites blocked in the last 24 hours.

 

Information shown on the Dashboard is current as of the time you access the Dashboard. 

 

Detections

This screen provides a detailed list of all threats detected during a scan in the past 30 days. A bar graph shows the level of threat activity on each day in that period. Hovering over any date with detected threats shows a breakdown of types of threats detected on that day. 

 

Click on the name of a detection to view details.

 

The main area of the screen shows the list of all detected threat data. Each column can be filtered to narrow the results. Use these column filters to focus on the most important information.

 

When clicking on filters, the filter list in the middle of the screen shows which filters are applied. Click on a filtered item to remove it, or Clear Filters to remove them all.

 

Quarantine

When a file is quarantined, it has been detected and isolated so that it can't harm your endpoints. The Quarantine screen allows you to view these items. 

 

While Malwarebytes uses its best judgment to determine whether a file is a threat, false positives are possible. You may also find items in Quarantine which are trusted files. Do not assume that the contents of Quarantine are either malicious or safe.

 

At the top of the screen, use the drop-down lists to filter items by threat Category or Time Period. Click on a threat name for details, or click an endpoint to jump to its details screen.

 

While the Quarantine screen shows all quarantined threats across your network, the actual threats remain in an encrypted state on the endpoints where they were found. The quarantine location is a predefined folder on your endpoints.

  • Windows endpoints: C:\ProgramData\Malwarebytes\MBAMService\Quarantine
  • Mac endpoints: /Library/Application Support/Malwarebytes/NCEP/Quarantine/

 

You may perform the following actions on quarantined items from the console:

  • Restore (Windows only): Moves the item from Quarantine to its original location on the endpoint. Use this for items known to be safe.
  • Delete: Immediately and permanently destroys the file. This action is irreversible.

 

You may restore quarantined items on Mac endpoints by moving the file on the endpoint from Quarantine to the original location. This action is not available from the console for Mac endpoints.

 
