JonNorth

Endpoint Protection Cloud - service and update points for monitoring


Hi all

 

I am looking to build an interrogation script for Endpoint Protection Cloud for an RMM product, to alert if the service(s)/process(es) is/aren't running, and if it's failed to update in x days. To that end I just need two simple questions answered please:

 

  • What processes and/or services need to be running in order for the agent to be running correctly?
  • Where is the date of the signature file stored?

 

I think the answer to the first question is “C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe and/or C:\Program Files\Malwarebytes Endpoint Agent\MBCloudEA.exe” and I think the answer to the second question is “the db_pub_date value (in Epoch time) from C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json” – can anyone please confirm, or not, that I’m in the right places here, and which of those services is the critical one, or if they both are?

Hope you guys can help!

Many thanks
Jon


Malwarebytes Endpoint Agent, MBEndpointAgent, "C:\Program Files\Malwarebytes Endpoint Agent\MBCloudEA.exe", is your communication service to your cloud portal.
Malwarebytes Service, MBAMService, "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe", is your protection software.
They are both vital.

"C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json" is the correct place to get your database package version and date, but also your controller and program versions. 

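One way to script the check discussed in this thread, as an added example that is not part of any post and is not Malwarebytes code. The service names, config path and `db_pub_date` key come from the thread; the `$MaxAgeDays` parameter, the exit-code convention and the assumption that `db_pub_date` is a numeric Unix timestamp (seconds, or milliseconds if very large) are assumptions.

```powershell
# Added example: health check for an RMM monitor. Service names and the config
# path come from the thread; everything else is an assumption (see comments).
param(
    [int]$MaxAgeDays = 3,   # hypothetical threshold for "failed to update in x days"
    [string]$ConfigPath = 'C:\ProgramData\Malwarebytes\MBAMService\config\UpdateControllerConfig.json'
)

$problems = @()

# Both services are required: MBAMService protects, MBEndpointAgent talks to the portal.
foreach ($name in 'MBAMService', 'MBEndpointAgent') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        $problems += "Service $name is not installed"
    } elseif ($svc.Status -ne 'Running') {
        $problems += "Service $name is $($svc.Status)"
    }
}

# Assumption: db_pub_date is a numeric epoch value somewhere in the JSON. A regex
# on the raw text avoids guessing at which nesting level the key sits.
if (-not (Test-Path -LiteralPath $ConfigPath)) {
    $problems += "Config file not found: $ConfigPath"
} else {
    $raw = Get-Content -LiteralPath $ConfigPath -Raw
    if ($raw -match '"db_pub_date"\s*:\s*"?(\d+)"?') {
        $epoch = [long]$Matches[1]
        # Assumption: seconds since 1970-01-01 UTC; larger values are read as milliseconds.
        if ($epoch -gt 100000000000) { $epoch = [long][math]::Floor($epoch / 1000) }
        $published = [DateTimeOffset]::FromUnixTimeSeconds($epoch).UtcDateTime
        $ageDays = ([DateTime]::UtcNow - $published).TotalDays
        if ($ageDays -gt $MaxAgeDays) {
            $problems += ('Database dated {0:u} is {1:N1} days old (limit {2})' -f $published, $ageDays, $MaxAgeDays)
        }
    } else {
        $problems += 'db_pub_date not found in config'
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Output "ALERT: $_" }
    exit 1   # assumption: the RMM treats a non-zero exit code as a failed check
}
Write-Output 'OK: both services running and database is current'
exit 0
```

A missing service or missing config file is reported as an alert rather than skipped, so an uninstalled or partially removed agent does not pass the check silently.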

Thanks Dyllon ... as far as I can tell "C:\Program Files\Malwarebytes Endpoint Agent\MBCloudEA.exe" is for the endpoint cloud protection and "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" is for MBAM, right? If I remove MBAM, the "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" will be deleted, leaving "C:\Program Files\Malwarebytes Endpoint Agent\MBCloudEA.exe" running successfully and independently for the AV, yes?

 

Cheers


MBAMservice is all your protection items, the scan engine, the realtime for malicious file, web, ransomware and exploit. If it is removed, MBCloudEA will have nothing to control.


The MBEP business version's protection software is based on the consumer MB3 technology, but highly modified to be controlled by your cloud portal.


Brilliant, thanks Dyllon, exactly what I was after. So I need both services and that epoch value. Thanks again chap!
