One of the primary functions of the Malwarebytes Nebula platform is to keep you informed of malware-related activities on your endpoints. This article provides an overview of the Dashboard, Detections, and Quarantine screens. These screens provide information to help you understand what is happening in your environment.
The Dashboard provides a high-level view of malware-related activities on your network. It presents a summarized view of the information displayed in more detail on other Malwarebytes screens.
Widgets show different data points on the Dashboard. These widgets are:
- Endpoints by status: Shows endpoint statuses and the count of endpoints currently in each status.
- Endpoints by operating system: Shows the number of endpoints for each operating system.
- Endpoints by activity: Shows endpoints that are active for the past 7 days, inactive for the past 30 days, and inactive beyond the past 30 days.
- Detections by status: Shows a chart that displays the total number of blocked, quarantined, and found detections for the past 7 days.
- Detections by type: Shows the number of detections by category for the past 7 days.
- Detections per day: Shows a chart that displays daily detection activity trends for the past 30 days.
- Detections cleaned: Shows the number of detections by category that have been cleaned for the past 72 hours.
- Top 10 endpoints with detections: Shows the top 10 endpoints with detections for the past 90 days.
- Top 10 malware detections: Shows the top 10 malware detections for the past 90 days.
- Top 10 PUM detections: Shows the top 10 Potentially Unwanted Modifications (PUM) detections for the past 90 days.
- Top 10 PUP detections: Shows the top 10 Potentially Unwanted Programs (PUP) detections for the past 90 days.
- Top 10 blocked websites: Shows the top 10 blocked websites, domains or IP addresses for the past 24 hours.
- Tasks by status: Shows the number of tasks in each status for the past 24 hours.
- Suspicious Activity per day: Shows a chart that displays daily Suspicious Activity trends for the past 30 days.
- Top 10 Suspicious Activity detection rules: Shows the top 10 Suspicious Activity detection rules for the past 24 hours.
Information shown on the Dashboard is current as of the time you access the Dashboard.
The Detections screen provides a detailed list of all threats detected on your endpoints from scans. By default, these are sorted from the most recent to the oldest detections.
Several data columns display information for each detection. These columns are:
- Name: The name of the detection.
- Action Taken: The action Malwarebytes took on the detection.
- Category: The detection's larger threat family or type.
- Type: The specific file, path, or process type of the detection.
- Endpoint: The name of the endpoint where the detection was found.
- Location: The file path of the detection.
- Date: The date when Malwarebytes found the detection.
Each column can be filtered to narrow the results. Use these column filters to focus on the most important information.
When you click on filters, the filter list in the middle of the screen shows which filters are applied. Click on a filtered item to remove it, or Clear Filters to remove them all.
Click on the name of a detection to view details. This information helps you understand the threats on your endpoints and where they originate in your environment.
When a file is quarantined, it has been detected and isolated so that it can't harm your endpoints. The Quarantine screen allows you to view these items.
While Malwarebytes uses its best judgment to determine whether a file is a threat, false positives are possible. You may also find items in Quarantine which are trusted files. Do not assume that the contents of Quarantine are either malicious or safe.
The Date, Category, and Type columns can be filtered to narrow the results. Use these column filters to focus on the most important information.
When you click on filters, the filter list at the top of the screen shows which filters are applied. Click on a filtered item to remove it, or Clear Filters to remove them all.
Click a threat name for details, or click an endpoint to jump to the details screen for that endpoint.
While the Quarantine screen shows all quarantined threats across your network, the actual threats remain in an encrypted state on the endpoints where they were found. The quarantine location is a predefined folder on your endpoints.
- Windows endpoints: C:\ProgramData\Malwarebytes\MBAMService\Quarantine
- Mac endpoints: /Library/Application Support/Malwarebytes/NCEP/Quarantine/
You may perform the following actions on quarantined items from the console:
- Restore (Windows only): Moves the item from Quarantine to its original location on the endpoint. Use this for items known to be safe.
- Delete: Immediately and permanently destroys the file. This action is irreversible.
You may restore quarantined items on Mac endpoints by moving the file on the endpoint from Quarantine to the original location. This action is not available from the console for Mac endpoints.