The Malwarebytes Support Tool command line version is used to cleanup and remove Malwarebytes products. The Support Tool removes Malwarebytes Endpoint Security and Malwarebytes Endpoint Protection, including their files, settings, and license information. To remove Malwarebytes software from a Windows endpoint, download the Support Tool, then run it from the Command Prompt.
In the Command Prompt, you can use switches to specify how you want to remove the Malwarebytes software. A list of switches and instructions on how to use them are in this article.
Note: Before running the Malwarebytes Business Support Tool, you must:
- Disable Self-Protection Module in Malwarebytes Nebula policy settings.
- Disable Tamper Protection in Malwarebytes Nebula policy settings.
- Disable Tamper Protection in Windows Security settings.
If Tamper Protection cannot be disabled, use our Nebula Discovery & Deployment tool to remove Malwarebytes.
Download and run the Malwarebytes Business Support Tool
- Click here to download the latest version of Malwarebytes Business Support Command Line Tool and save it to the desktop.
- Open Command Prompt as an administrator.
- In the command window, type in cd C:\Users\(name of username)\desktop or cd %userprofile%\desktop
- Run the following command to clean the Malwarebytes agent when Tamper Protection is disabled:
- mbstcmd-[file version number].exe /y /cleanup /epatoken "NoTamperProtection"
- Reboot manually
- Open Command Prompt as an administrator and navigate to the same directory. Then run the following command:
- mbstcmd-[file version number].exe /y /cleanup
- Reboot manually
- Verify the following directories are removed. If they are not, remove them manually:
- C:\Program Files\Malwarebytes Endpoint Agent
- C:\ProgramData\Malwarebytes Endpoint Agent
- C:\Program Files\Malwarebytes
Command line switches
Here is a list of switches you can use to execute the Malwarebytes Business Support Tool:
- Accepts the EULA. Without this command you will not be able to run the tool.
- Uninstalls all versions of Malwarebytes products it finds on the machine.
- Does not reinstall or reactivate the Malwarebytes installation.
- Generates output (mbst-clean-results.txt) to the directory where the Support Tool was run from.
- Forces a reboot to perform post-reboot cleanup.
- Optional: Prevents unscheduled reboots after cleanup. Recommended for Servers.
- Optional: Ensures there is no post reboot cleanup.
- The Post Reboot Cleanup execution is intended to run subsequent to a reboot.
- If the /nopr switch is done prior to reboot, it will fail after attempting to perform a post-boot cleanup and attempt to remove files locked by the operating system.
- /epatoken "NoTamperProtection"
- Clears the Windows error message indicating there is an illegal 64-bit app. This can occur on endpoints still registering a Tamper Protection token, but already have this policy setting disabled in Nebula.
- This does not reset the epatoken or disable Tamper Protection.
- Full support tool command line process with switch options included:
mbstcmd-[file version number].exe -y -cleanup -noreboot -nopr -epatoken "NoTamperProtection" reboot manually mbstcmd-[file version number].exe -y -cleanup reboot manually