Some Malwarebytes Nebula actions may be performed by command line to help with custom scripting or automation by software deployment and remote monitoring and management (RMM) tools.
The Endpoint Agent Command-line tool, EACmd, is a Windows™ application created to communicate with the Endpoint Agent service. This article covers suggested methods of using EACmd in your scripts or deployment methods.
EACmd works with the Endpoint Agent using the same communication method as the Endpoint Agent Tray program. EACmd is located on each Windows endpoint at C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe.
|--loglevel=VALUE||The level of logging to set the service. Valid values are Debug and Info.|
|-d, --diag||Collect a diagnostic log for the Endpoint Agent service.|
|--debug||Set the level of logging to debug for the program.|
|--refreshagentinfo||Update the agent information for the endpoint. This will immediately post the information to the cloud console.|
|--updateprotection||Manually updates protection service.|
|--updatesoftware||Manually checks for a software update and if one exists, it is downloaded then installed (or paused) based on policy settings.|
|--versions||Collect and display versions.|
|--runpendingsoftwareupdate||Manually checks for pending software updates and if one exists, it is installed regardless of policy settings.|
|-h, --help||Display a usage message for the EACmd program with all of the options.|
|--syncnow||Sync with server.|
|--testconnections||Tests connection to Malwarebytes servers.|
|--certcheck=VALUE||Check if file passes signature check.|
|--getmachineids||Get machine identifiers.|
|--verifyaccounttoken=VALUE||Checks if the supplied account token matches the currently stored account token.|
|--changeaccounttoken=VALUE||Changes the current account token to the one within Nebula. Administrative privileges required.|
|--proxy.server=VALUE||Changes the current proxy server address. Administrative privileges required.|
|--proxy.bypassOnLocal=VALUE||Enable or disable bypass proxy. Administrative privileges required.|
|--proxy.port=VALUE||Changes the current proxy port number. Administrative privileges required.|
|--proxy.user=VALUE||Changes the current proxy username. Administrative privileges required.|
|--proxy.password=VALUE||Changes the current proxy password. Administrative privileges required.|
|--proxy.clear||Clear all proxy settings. Administrative privileges required.|
|--threatScan||Performs a Threat Scan unless Allow Users to run a threat scan is disabled in the policy.|
Check for Protection Updates via command line (Windows)
This command performs an immediate check for Protection Updates. It is identical to performing a Protection Updates check from the Endpoints screen in the console.
Scans perform this check before scanning. The Protection Updates check also ensures Real-Time Protection uses the most recent updates.
C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe -updateprotection
Check for Software Updates via command-line (Windows)
This command performs an immediate check for updates to the Malwarebytes software on the endpoint. It is identical to performing a Software Updates check from the Endpoints screen in the console.
Any manual check for Software Updates ignores the Pause Software Updates policy setting.
C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe -updatesoftware
Return to the Malwarebytes Nebula Administrator Guide.