Suspicious Activity Monitoring is a feature included in Malwarebytes Endpoint Detection and Response. It watches for potentially malicious behavior by monitoring the processes, registry, file system, and network activity on the endpoint. Suspicious Activity Monitoring uses machine learning models and cloud-based analysis to detect when questionable activity occurs.
Detections are highlighted for your review in the menu pane under Suspicious Activity. Not all detected activity is guaranteed to be malicious; some detections are triggered by benign operations on the system.
The Suspicious Activity screen gives context for each detection to help determine whether the activity is truly malicious. Once an administrator understands what triggered the detection, they can choose to remediate the threat or close the incident as expected behavior.
- Subscription to Malwarebytes Endpoint Detection and Response.
- User role must be Super Admin to access the Suspicious Activity screen in the console.
- For optimal performance, reserve 1.1 Mbps of network bandwidth for every 100 endpoints that use Suspicious Activity Monitoring.
To enable Suspicious Activity Monitoring and manage related events, see:
- Enable Suspicious Activity Monitoring in Malwarebytes Endpoint Detection and Response
- Remediate or close Suspicious Activity events in Malwarebytes Endpoint Detection and Response