Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

1 Neutral

1 Follower

About AndrewPP

  • Rank
    Regular Member

Profile Information

  • Location

Recent Profile Visitors

2,211 profile views
  1. Use a service like this to look up DNS records - https://www.findip-address.com/ you will find it originates from Russia. Or - Google who is https://www.abuseipdb.com/check/ You may need to use Intrusion Detection network monitoring and firewall port monitoring to investigate at an IP Packet level, how the traffic is entering your network. If all of your endpoints only use VPN to connect, then you will need to track down SourceIP, maybe by the VPN server's logs to find the compromised endpoint. These topics are beyond the scope of Malwarebyt
  2. If the Management Agent is running, this command will display component versions. c:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACMD.EXE --versions Help will show additional useful commands c:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACMD.EXE -h
  3. The Excel tool uses a Nebula API and can instruct the Nebula Console to delete duplicate endpoints, kick off scans, move endpoints etc. A description of features is here: https://support.malwarebytes.com/hc/en-us/articles/360038540994-Export-data-with-the-Malwarebytes-Nebula-Excel-Addin-with-Reporting-and-Utilities Note, the Nebula Public API is now available via Settings and documented here - https://api.malwarebytes.com/nebula/v1/docs should customers wish to perform their own integrations. 1. If you rerun the function from Excel, it will do a new query for freshest endpoint
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.