AndrewPP

I am on Malwarebytes' staff, in technical PreSales. I see this question asked often, so I am providing a comprehensive response, for you and reference by others too. Your question, in essence, is seeking peer advice about Malwarebytes from existing customers. There are already excellent sources of independent peer review from substantial customers, especially at Gartner PeerInsights (Gartner are a renowned authoritative source of information about the IT industry at-large). Malwarebytes independent reviews at Gartner PeerInsights(tm) https://www.gartner.com/reviews/market/endpoint-protection-platforms/vendor/malwarebytes/product/endpoint-security I suggest you also filter for reviews from companies, same size as yours. Malwarebytes tops PC Magazine Business Choice – Security Software list, 2019 https://www.pcmag.com/news/365749/business-choice-awards-2019-security-software Malwarebytes tops G2 Crowd Anti-virus customer satisfaction list, 2019 https://www.g2crowd.com/categories/antivirus?segment=mid-market This is a formal case study from a customer I worked with, who replaced Kaspersky with Malwarebytes totally. They were happy enough to be publicly referenced. https://resources.malwarebytes.com/files/2019/04/Waverly-Christian-College-CS.pdf We have similar case studies with comparisons to other vendors. https://resources.malwarebytes.com/casestudies/ We run along side Windows Defender very well. Also, if you have the technical capability and skills, you can carefully perform your own independent tests on an isolated/recoverable endpoint of what we find/block which the others miss. We provide 50 current samples and additionallythe same 50 samples with their MD5 Hash changed, which often evades anti-virus only protections. Contact your local Malwarebytes reseller, partner or Malwarebytes sales contact for more information and a link to the samples. Ransomware Protection is one of the seven techniques included in Endpoint Protection. Unlike earlier versions of our product, all protections are included into a single bundle for management. However the inner protection driver services can still be seen running, using this diagnostic script from our support site - https://support.malwarebytes.com/docs/DOC-2617 Endpoint Protection and Response is more advanced and REPLACES and UNINSTALLS Endpoint Security and other variants of Malwarebytes product, across a reboot. Please discuss with your Malwarebytes representative or reseller, if you need to know more. +++ Is Malwarebytes a primary protection solution? +++ I would like to dispel a common myth! Anti-Virus is an old, narrow definition of malware and attack methods. It has become generic and misunderstood by association to long-term vendors. It is also failing, evidenced by these same vendors announcing a rash of 'new generation' detectors added to their suites over the last 12-18 months. Malwarebytes business products which have been available for over 5 years, with latest cloud managed product released in Oct 2017. Our consumer products have been available and used by businesses too, for 10 years. We have many layers of detectors/protections already. Malwarebytes protects against virus, trojans, rootkits and much much more, including adware, Bitcoin miners and more. We do this both with real-time protection, antivirus-like rules, exploit protection, behaviour monitoring against scripts and macros, machine-learning, ransomware monitoring, and also with post-infection disk/system scanning. Many customers use us for post infection cleaning and remediation 'in situ', because their current primary solution is failing them. IF they see too many misses by their current solution, they should to protect in advance with our full product. The Endpoint Protection and Response plugin, an extra subscription, adds flight-recording, suspicious activity analysis, ability to isolate endpoints if lateral infection/malware spread is occurring and rollback ransomware damaged files from a local backup cache. Your account representative, sales team member, or one of our many Reseller partners can assist you with trial etc.

Use the Malwarebytes Excel plugin. It can extract endpoint lists and do deletions. https://support.malwarebytes.com/docs/DOC-2672 Also, you can filter by last seen. It is safer to not delete, if still checking in.

Information about the Endpoint Protection client and its check in frequency, plus a lot of other stuff is in this article on the support site, which describes a lot about its workings - Endpoint Protection - Windows client fundamentals

@Amaroq_Starwind The development team has a copy of this tactical tool for review of concepts and eventual incorporation into our core product. Regarding "I wouldn't mind being able to help out in a more official capacity" - you are welcome to contribute ideas or script fragments via me for possible incorporation. As this is an unofficial tool, simply exchange direct messages with me. I note that I wrote this in Windows batch script so it can run anywhere, which does make programming a bit arcane. PowerShell would have been easier but then is tricker to package to run everywhere. Ditto compiled language requires our development team to arrange a deployable solution.

Change history 2019-04-01 Version 1.11 Added status of the configuration of Endpoint Response Settings for Suspicious Activity Monitoring, Rollback and Isolation reading from last log entry in EndpointAgent.txt Note: The log entry also displayed if plugin subsequently uninstalled which obsoletes other entry in log. 2019-02-21 Version 1.10 Added count of files in EPR Local Backup 2019-01-31 Version 1.08 Added policy.ea_last_update, to show datetime of most recent policy update. Useful when monitoring for recent change.

On this topic, EICAR is actually both a text-readable string and a 16-bit COM/DOS executable with an original purpose to print "EICAR-STANDARD-ANTIVIRUS-TEST-FILE!" It will no longer run on a current Windows operating system. It is archaic and useless, except to demonstrate string/pattern recognition. https://en.wikipedia.org/wiki/EICAR_test_file

Look in this script, it demonstrates extracting versions from Endpoint Protection configuration files. You can copy/replicate the technique.withvother tools/languages. https://support.malwarebytes.com/docs/DOC-2617

The tool was written for supporting the Endpoint Protection cloud/business product,because it has a locked-down minimalist GUI. Home Premium does not have a Management Agent nor Flight Recorder, so status is correctly reported from my tool. Home Premium EXE has a different name to the Endpoint Protection EXEs. It is a minor script change to test/check for that. I will update it by end.of.week. Thanks for your interest.

The Home Premium and Busines - Endpoint Protection cloud-managed products both use the same 'version 3' engine with its 7-layer protection model. Endpoint Protection provides a central cloud-management console for central enforcement of policy and central monitoring. Business Products are only available to customers with 10+ seats. An additional module is available to business users 'response' for isolation, suspicious monitoring and ransomware rollback, but only for much larger seat counts. You are as well protected with Home Premium as you would be with cloud-managed Endpoint Protection i.e. no need to change.

Use [Action] Scan + Quarantine. A task will be queued awaiting endpoint's next login, to be picked up and run. The task will remain on the queue for 3 days and be cancelled - Failied, if not picked up, but you can always queue another.

Both on-demand and scheduled reports Endpoint Exports have a cutoff at 30 days, calculated from last seen. Console can show more endpoints, which haven't checked in, past 30 days. Excel plugin has a date filter, which allows all records to be retrieved.

Try windows command sfc /scannow It can repair obscurely, damaged Windows components.

You can retrieve c:\ProgramData\Malwarebytes Endpoint Agent\logs\MBEndpointAgent.txt and c:\ProgramData\Malwarebytes\MBAMService\MBAMService.log to understand Endpoint behaviour e.g. whether agents and plugins are turned on, running, active at the time, internal errors. They are verbose and for technical support, but you can try reading. All Endpoint Protection customers have an included Premium support subscription, so raise a case via: https://support.malwarebytes.com/community/business/pages/contact-us Log collection instructions are here - https://support.malwarebytes.com/docs/DOC-1818

As responded by another staff member, feature is added to list. My response was a work-around, in case you hadn't seen it.

Alternatively, the logged-in user name at time of a scan is already viewable in Scan Results/History.