Add Mac endpoints in Malwarebytes Nebula

You can manually add Mac endpoints to the Malwarebytes Nebula platform in a few different ways. The most common method is to copy an installer file to the endpoint and run the file from the endpoint. You may also add endpoints using the command line or with a dissolvable remediation tool.

This article covers the following methods:

• Use a downloaded installer and copy it to the endpoint.
• Command line remote installation for Mac endpoints, which can be run silently.
• Dissolvable Unmanaged Remediation Tools installation.

If you have many endpoints, you can use the macOS PKG installer with Mobile Device Manager (MDM) solutions such as JAMF.

Use a downloaded installer

To manually add an endpoint to the Malwarebytes Nebula platform, download the Malwarebytes Endpoint Agent installation file and run the file from the endpoint. Each is pre-configured for your account.

Malwarebytes provides endpoint installers for you to use with your preferred installation method.

Mac Endpoint Installer Notes

• Do not change the name of the downloaded installer file as it retrieves the accounttoken value from the file's name.
• To deploy on Mac M1 chip endpoints, see Deploy Malwarebytes Endpoint Agent on Macs running Apple M1 chip.
• The following items are mandatory for correct operation:
  • For macOS 10.13 and 10.14, Approve kernel/security framework extension for Malwarebytes Endpoint Protection on Mac devices
  • For macOS 10.15, Mac endpoint missing Full Disk Access in Malwarebytes Nebula

• Endpoints are assigned to the Default Group and use the Default Policy unless you specify a different group as a parameter.
• The Installation process shows how to download and manually run the endpoint installer on your  macOS devices. Alternatively, you can share the installer with your endpoint users by clicking the following in the Nebula Downloads page:
  • Email link: Click this button to email the endpoint installer to your endpoint users. This email pre-populates with a download link unique to your Nebula account. Your recipients can click this link to install the agent. The link expires after 7 days.
  • Copy link: Click this button to copy the installer download link to your clipboard. The download link is unique to your Nebula account, and expires after 7 days.

Installation process

1. Log in to the Malwarebytes Nebula platform.
2. Go to Downloads.
3. In the Mac section, click Download to download the Mac Endpoint Installer to your local device.
   • We recommend you keep __xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx___ naming as this is your accounttoken value, which identifies your account to the macOS installer.
4. After you have downloaded the installer, copy it to the endpoint and run the installer.
5. When the installation process completes, the Management Agent registers and the endpoint shows up in the Malwarebytes Nebula platform console.
6. The Management Agent retrieves Policy information and configures the endpoint, downloading Agents for the configured features.  This process takes about 5 minutes until the endpoints is protected and ready to scan.

Command line remote installation for Mac

You may use the terminal command below to perform a silent install on Mac endpoints by software deployment and management systems.

sudo -E /usr/sbin/installer -pkg Setup.MBEndpointAgent__aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa___.pkg -target /

You may use the terminal command below to perform a silent install on Mac endpoints, while specifying the target group. Group identifiers may be seen in the Nebula Console Downloads 'Specify group assignment' link.  The command is shown on multiple lines due to the length of the command.

sudo launchctl setenv MALWAREBYTES_GROUP <GroupID> ; sudo -E /usr/sbin/installer -pkg Setup.MBEndpointAgent__aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa___.pkg -target /

Check macOS Services and security extension (up to 10.14)

$ sudo launchctl list | grep com.malwarebytes*
Password:
1750 0 com.malwarebytes.ncep.settings.daemon
- 0 com.malwarebytes.UserAgent
1748 0 com.malwarebytes.ncep.rtprotection.daemon
1649 0 com.malwarebytes.EndpointAgent

$ kextstat | grep malwarebytes
187 0 0xffffff7f85a07000 0x8000 0x8000 com.malwarebytes.ncep.rtprotection (3.9.16) 9EF16C6D-E345-31AF-8646-2507C3F781D8 <6 5 3 1>

Dissolvable unmanaged remediation tools

You may prefer to use a dissolvable remediation tool instead of an installer. At the bottom of the console Downloads screen is the Remediation (Unmanaged) section. Here you can download the following Malwarebytes dissolvable unmanaged remediation tool.

Mac Breach Remediation: our dissolvable remediation program for Mac endpoints. For more information, see the Malwarebytes Breach Remediation (Mac) Administrator Guide.

Return to the Malwarebytes Nebula platform Administrator Guide.

• Haga clic AQUÍ para ver el manual en español.
• Clique AQUI para o manual em Portugues.