Restore an Endpoint Agent configuration in Malwarebytes Cloud Platform

Document created by bgoddard Employee on Oct 30, 2019Last modified by bgoddard Employee on Nov 13, 2019
Version 9Show Document
  • View in full screen mode

The Malwarebytes Endpoint Agent stores operational settings in a configuration file on the endpoint. This file is automatically backed up on a regular schedule and can be restored as needed. This article walks you through using the Configuration Recovery Tool to restore the configuration file.


By default, the configuration file is stored on each endpoint at C:\Program Files\Malwarebytes Endpoint Agent\MBCloudEA.exe.config. This is the installation directory for the Endpoint Agent executable. It may be different based on your environment.


Occasionally, the MBCloudEA.exe.config file can become corrupted. This may happen because the endpoint loses power while saving a setting to the file. If the file is corrupted, the Endpoint Agent service cannot start. Malwarebytes automatically backs up of the configuration file, and these backups can be restored using the Configuration Recovery Tool.


The Endpoint Agent creates up to five backups of the configuration file, with the newest file having the lowest number in the sequence. Backups are stored in the same folder as the config file.


The Configuration Recovery Tool executable is ConfigurationRecoveryTool.exe and is in the same directory as the configuration file and backups.



The Recovery Tool must be run from an elevated Administrator command prompt. 

  1. Open an elevated command prompt.

  2. Navigate to the Endpoint Agent installation directory. The default is C:\Program Files\Malwarebytes Endpoint Agent\

  3. Run the Recovery Tool with the following command:
    ConfigurationRecoveryTool.exe [path to exe] [Optional path to backup folder]

    [path to exe] is the name of the executable that uses the configuration file you're restoring. For the Malwarebytes Endpoint Agent, use MBCloudEA.exe.

    [Optional Path to backup folder]
     is the directory where the backups are located. If using the current directory, leave this blank.

  4. The Recovery Tool tries to load the current configuration file. There are three outcomes:
    1. If the current file loads successfully, it will not be replaced.

    2. If the current file does not load successfully, the Recovery Tool proceeds through each backup, attempts to load it, and restores the file if successful. The tool continues this process until a backup has been successfully restored.

    3. If no valid backups are available, you must manually restore the configuration, use the Recovery Tool to restore from a different location, or reinstall the endpoint.


See also



Return to the Malwarebytes Cloud Platform Administrator Guide