You can manually add Mac endpoints to the Malwarebytes Nebula platform in a few different ways. The most common method is to copy an installer file to the endpoint and run the file from the endpoint. You may also add endpoints using the command line or with a dissolvable remediation tool.
This article covers the following methods:
- Use a downloaded installer and copy it to the endpoint.
- Command line remote installation for Mac endpoints, which can be run silently.
- Dissolvable Unmanaged Remediation Tools installation.
If you have many endpoints, you can use the macOS PKG installer with Mobile Device Manager (MDM) solutions such as JAMF.
Use a downloaded installer
To manually add an endpoint to the Malwarebytes Nebula platform, download the Malwarebytes Endpoint Agent installation file and run the file from the endpoint. Each is pre-configured for your account.
Malwarebytes provides endpoint installers for you to use with your preferred installation method.
Mac Endpoint Installer Notes
- Do not change the name of the downloaded installer file as it retrieves the accounttoken value from the file's name.
- The following items are mandatory for correct operation:
- Endpoints are assigned to the Default Group and use the Default Policy unless you specify a different group as a parameter.
- The Installation process shows how to download and manually run the endpoint installer on your macOS devices. Alternatively, you can share the installer with your endpoint users by clicking the following in the Nebula Downloads page:
- Email link: Click this button to email the endpoint installer to your endpoint users. This email pre-populates with a download link unique to your Nebula account. Your recipients can click this link to install the agent. The link expires after 7 days.
- Copy link: Click this button to copy the installer download link to your clipboard. The download link is unique to your Nebula account, and expires after 7 days.
Installation process
- Log in to the Malwarebytes Nebula platform.
- Go to Downloads.
- In the Mac section, click Download to download the Mac Endpoint Installer to your local device.
- It is mandatory to keep _[xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx]__ naming as this is your accounttoken value, which identifies your account to the macOS installer.
- If you are deploying via Mobile Device Management app and the brackets [ ] are incompatible i.e. JAMF, replace the PKG filename brackets to an underscore enclosing the account token:
File name downloaded New file name Setup.MBEndpointAgent_[xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx]__.pkg Setup.MBEndpointAgent__xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx___.pkg
- After you have downloaded the installer, copy it to the endpoint and run the installer.
- When the installation process completes, the Management Agent registers and the endpoint shows up in the Malwarebytes Nebula platform console.
- The Management Agent retrieves Policy information and configures the endpoint, downloading Agents for the configured features. This process takes about 5 minutes until the endpoints is protected and ready to scan.
Command line remote installation for Mac
You may use the terminal command below to perform a silent install on Mac endpoints while specifying the group. See the GROUP variable above for details on locating the GroupID. The command is shown on multiple lines due to the length of the command.
sudo launchctl setenv MALWAREBYTES_GROUP <GroupID> ; sudo -E /usr/sbin/installer -pkg Setup.MBEndpointAgent_[aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa]_.pkg -target /
Check macOS Services and security extension
$ sudo launchctl list | grep com.malwarebytes*
Password:
1750 0 com.malwarebytes.ncep.settings.daemon
- 0 com.malwarebytes.UserAgent
1748 0 com.malwarebytes.ncep.rtprotection.daemon
1649 0 com.malwarebytes.EndpointAgent
$ kextstat | grep malwarebytes
187 0 0xffffff7f85a07000 0x8000 0x8000 com.malwarebytes.ncep.rtprotection (3.9.16) 9EF16C6D-E345-31AF-8646-2507C3F781D8 <6 5 3 1>
Dissolvable unmanaged remediation tools
You may prefer to use a dissolvable remediation tool instead of an installer. At the bottom of the console Downloads screen is the Remediation (Unmanaged) section. Here you can download the following Malwarebytes dissolvable unmanaged remediation tool.
Mac Breach Remediation: our dissolvable remediation program for Mac endpoints. For more information, see the Malwarebytes Breach Remediation (Mac) Administrator Guide.
Return to the Malwarebytes Nebula platform Administrator Guide.