1. Malwarebytes Support
  2. Business Solutions
  3. Malwarebytes Nebula
  4. Learn

Configure Suspicious activity monitoring in Malwarebytes Nebula

  • Updated

Suspicious activity monitoring is a feature included in Malwarebytes Endpoint Detection and Response. It watches for potentially malicious behavior by monitoring the processes, registry, file system, and network activity on the endpoint.

Suspicious activity monitoring uses machine learning models and cloud-based analysis to detect when questionable activity occurs. This article explains how to enable Suspicious activity monitoring in a policy.

To follow the steps in this article, enable the New policies experience switch in the Policies page.

If you have the new policies experience disabled, locate these policy settings by referring to: Malwarebytes Nebula policy with new experience disabled.

Suspicious activity monitoring settings

To locate the Suspicious activity monitoring settings in your policy:

    1. Go to Settings > Policies.
    2. Click New or select an existing policy.
    3. Select the Endpoint Detection and Response tab.
    4. Locate Suspicious activity monitoring to see the specific settings available for each operating system.

Suspicious activity monitoring

Options in this section are as follows:

  • Suspicious activity monitoring: Enables behavioral monitoring for Suspicious Activity on endpoints using machine learning models and cloud-based analysis to detect when questionable activity occurs.

Advanced settings

Advanced settings includes additional features for activity monitoring. 

Options in this section are as follows:

  • Enable server operating system monitoring for suspicious activity: Enables Suspicious Activity Monitoring for server operating systems. Server OS endpoints may cause extra load with Behavioral Monitoring.
  • Enables a very aggressive detection mode: If aggressive detection mode is enabled, Malwarebytes uses a tighter threshold for flagging processes as suspicious and is more aggressive in its detections. Aggressive detection mode helps protect your endpoints from additional unknown threats, but could increase False Positives. 
  • Collect networking events to include in searching: The network events toggle lets you allow or restrict the collection of network events to include in Flight Recorder searches. Toggling this setting ON increases the amount of traffic sent to the cloud. By default, the toggle is set to OFF.

 

Return to the Malwarebytes Nebula platform Administrator Guide.

 

  • Haga clic AQUÍ para ver el manual en español.
  • Clique AQUI para o manual em Portugues.