Malwarebytes Nebula contains real-time protection modules which support stock Windows Server Operating Systems from 2008 through 2019, including variants. Server protection requires one of the following subscriptions:
- Malwarebytes Endpoint Protection for Servers
- Malwarebytes Endpoint Detection and Response for Servers
The real-time protection modules are:
- Web Protection – Prevents connections to malicious or compromised websites
- Exploit Protection – Prevents vulnerability exploits and zero-day attacks
- Malware Protection – Prevents malware infections
- Behavior Protection – Detects and blocks ransomware based on behavior analysis
Some of these protection modules should not be enabled for specific server roles, as they can cause performance or network-related issues.
The following Malwarebytes recommended configurations should be applied to these server roles. Malwarebytes continues improving its protection modules every day and will update the below guidance as new versions are released and tested.
| Windows Server Role | Malwarebytes Recommended Configuration |
|---|---|
| Internet Information Server or other Web Server |
|
| Exchange Server or other SMTP server role |
|
| SQL Server or other database server role |
|
| RDP or terminal services |
|
Set up server exclusions
For performance reasons, you may wish to set up exclusions for specific file types on your server. See the following external articles for more information.
- Exchange Server or other SMTP server role – See the Microsoft article Running Windows antivirus software on Exchange servers.
- %ExchangeInstallPath% is not a supported exclusion file path. For supported exclusion types, see Overview of exclusions in Malwarebytes Nebula.
- SQL Server or other database server role – See the Microsoft article How to choose antivirus software to run on computers that are running SQL Server.
Server policy recommendations
The following suggestions may improve your Malwarebytes experience within a server environment.
Disable automatic reboot
You may wish to disable automatic reboot for server endpoint agents. This policy level change prevents an automatic reboot of servers from Malwarebytes.
- Open the Malwarebytes Nebula.
- Go to Settings > Policies > choose a policy > Windows tab > General tab.
- Set Enable Restart to OFF.
- Click Save.
Disable Malwarebytes Tray interaction for multi-user environments
You may prevent the Malwarebytes Tray from loading on Standard-level user accounts, and only load for Administrator-level users. This is helpful for running Malwarebytes in a more silent manner or in multi-user environments such as Microsoft Terminal Services.
- Open the Malwarebytes Nebula.
- Go to Settings > Policies and choose a policy.
- Under Endpoint Interface Options, set Limit Endpoint Agent Interactions to ON.
- A warning message displays before limiting Malwarebytes Tray interaction. Click OK to proceed, then click Save.
Endpoint Detection and Response (EDR) Settings
If you subscribe to Malwarebytes Endpoint Detection and Response for Servers, we recommend you apply the following policy settings in addition to the ones described above. This helps to ensure your Windows servers get maximum protection.
- Open the Malwarebytes Nebula.
- Go to Settings > Policies > choose a policy > Windows tab > Settings tab.
- Toggle Suspicious Activity Monitoring to ON.
- Toggle Server Operating System Monitoring to ON.
- Toggle Ransomware Rollback to ON.
- Toggle Endpoint Isolation to ENABLED.
- Click Save.
Source : Official Malwarebytes Brand
Editor by : BEST Antivirus KBS Team