Below are comparison tables for Policy and Admin features found in Malwarebytes Endpoint Security and Malwarebytes Endpoint Protection. Use these supplemental checklists to compare what features are offered in the Malwarebytes Endpoint Security on-premises Management Console, and what the equivalent feature is in the Malwarebytes Endpoint Protection cloud-based console, if applicable.
This article acts as a companion document with Malwarebytes Endpoint Security to Malwarebytes Endpoint Protection migration best practices. Organizations planning to migrate their managed endpoints from our on-premises solution to our cloud-managed solution may find this feature comparison useful during transition.
Policy feature comparison
The following tables highlight features/tabs found in the Malwarebytes Endpoint Security Policy pane. The Malwarebytes Endpoint Protection column shows if an equivalent feature exists, and its location in the Nebula console.
General
| Malwarebytes Endpoint Security Policy setting | Malwarebytes Endpoint Protection Policy setting equivalent |
|---|---|
| Terminate Internet Explorer during threat removal | Not available in Malwarebytes Endpoint Protection |
| Anonymously report usage statistics | Not available in Malwarebytes Endpoint Protection |
| Create right click context menu | Policy > Endpoint Interface Options > Context Menu Scans |
| Automatically save log file after scan completes | Malwarebytes Endpoint Protection can generate a logfile anytime, but contains more than detections and quarantines. Right-click the Malwarebytes icon while holding the Ctrl key or via CLI Windows command line C:\Program Files\Malwarebytes Endpoint Agent\MBCloudEA.exe -diag |
| Open log file immediately after saving | Not available in Malwarebytes Endpoint Protection |
| Warn if database is outdated by | Not available in Malwarebytes Endpoint Protection |
| Language | Not available in Malwarebytes Endpoint Protection |
| Start Up Type (Automatic, Manual, Disabled, Automatic (Delayed Start) | Automatic = normal operation in Malwarebytes Endpoint Protection
Manual = not available in Malwarebytes Endpoint Protection Disabled = Not available. Endpoint agent always starts on the endpoint unless uninstalled. Can move endpoint to group that doesn’t have any scheduled scans and turn off all 4 layers of protection in Policy > Windows > Settings > Real-Time Protection Automatic (Delayed Start) = Policy > Windows > Settings > Startup options > Delayed Real-Time Protection |
| Enable Service Recovery Options | Not available in Malwarebytes Endpoint Protection |
Protection
| Malwarebytes Endpoint Security Policy setting | Malwarebytes Endpoint Protection Policy setting equivalent |
|---|---|
| Enable Protection Module | Windows > Settings > Malware Protection On |
| Start file execution blocking when protection module starts | Windows > Settings > Malware Protection On |
| Start malicious website blocking when protection module starts | Start Malicious Website Blocking = Windows > Settings > Web Protection On
Malwarebytes Endpoint Protection: Unlike Malwarebytes Endpoint Security, Website Blocking cannot be enabled/disabled by the end user, it must be done in the Malwarebytes Nebula platform by an Admin User |
| Show tooltip balloon when malicious website is blocked | Endpoint Interface Options > Real-time Notifications On |
| Advanced Settings | |
| Silent mode | Show Icon in Notification Area Off, but no option to still allow for right-click context menu on Windows endpoints.
Malwarebytes Endpoint Security: In Silent mode, the only indication that the managed client is present on their machine is the right-click context menu. |
| Limited user mode | Show Icon in Notification Area On, User Threat Scan On
Malwarebytes Endpoint Security: The managed client is visible as an icon in the system tray, but only with options to start a scan or to check for updates. Malwarebytes Endpoint Protection: No option to check for updates (manually checking for updates is only available within the Nebula console), has option to show icon but not allow on demand threat scan. |
| Auto quarantine | No corresponding Malwarebytes Endpoint Protection setting. During an on-demand scan, threats are automatically quarantined. |
| AQ Tool Tip when file system threat is blocked | No corresponding Malwarebytes Endpoint Protection setting. Real-time Notifications On may show a tool tip when a manual scan is initiated. End-User Initiated scans will always show scan status window. |
| Disable website blocking | Windows > Settings > Malware Protection Off
Disable the feature completely, checking this box prevents website blocking from being started via the end-user interface. |
| startup delay | Windows > Settings > Startup Options > Delay Real-Time Protection On (then select the number of seconds to delay) |
Scanner
| Malwarebytes Endpoint Security Policy setting | Malwarebytes Endpoint Protection Policy setting equivalent |
|---|---|
| Scan memory objects | Default behavior of Threat Scan. |
| Scan startup objects | Default behavior of Threat Scan. |
| Scan registry objects | Default behavior of Threat Scan. |
| Scan file system objects | Not available in on-demand scan, only scheduled scan. |
| Scan additional items against heuristics | Default behavior of Threat Scan. |
| Enable scanning inside archives | Windows or Mac > Settings > Scan Options > Scan within Archives = On |
| Enable advanced heuristics engineer (Heuristics.Shuriken) | Windows or Mac > Settings > Scan Options > Anomalous File Detection = On |
| Action for potentially unwanted programs (PUP) | Windows or Mac > Settings > Scan Options > Select how to treat PUP detection
Malwarebytes Endpoint Security allows for 3 settings, Malwarebytes Endpoint Protection only allows 2 settings: Do not show in results list = Ignore Detections show in results list and check for removal = Treat Detections as Malware show in results list and do not check for removal = Not available in Malwarebytes Endpoint Protection |
| Action for potentially unwanted registry modifications (PUM) | Windows or Mac > Settings > Scan Options > Select how to treat PUM detection
Malwarebytes Endpoint Security allows for 3 settings, Malwarebytes Endpoint Protection only allows 2 settings: Do not show in results list = Ignore Detections show in results list and check for removal = Treat Detections as Malware show in results list and do not check for removal = not available in Malwarebytes Endpoint Protection |
| Action for peer-to-peer software (P2P) | Not available in Malwarebytes Endpoint Protection |
Scheduler (Settings for each scan)
| Malwarebytes Endpoint Security Policy setting | Malwarebytes Endpoint Protection Policy setting equivalent |
|---|---|
| Type (Scan) | Malwarebytes Endpoint Protection Options: Scan, Asset Refresh |
| Frequency (Hourly, Daily, Weekly, Monthly, Once, On reboot) | Malwarebytes Endpoint Protection Options: Hourly, Daily, Weekly |
| Recover if missed by: (0-23 hours) | Not available in Malwarebytes Endpoint Protection |
| Starting on: (date) | Settings > Schedules > Scan Schedule |
| repeating every (1-48 hours, 1-30 days, 1-8 Weeks) | Hours 1-23, Daily 1, Weekly 1 |
| Type (Quick scan, Full scan, Flash scan) | Malwarebytes Endpoint Protection options: Threat Scan, Custom Scan, Hyper Scan |
| Wake computer from sleep to perform task | Not available in Malwarebytes Endpoint Protection |
| Remove and quarantine all threats automatically | Settings > Schedules > Scan Type > Quarantine threats automatically |
| Perform scheduled scan silently from system account | Default behavior for Malwarebytes Endpoint Protection, cannot be changed |
| Save log file regardless of user settings | Default behavior for Malwarebytes Endpoint Protection, cannot be changed |
| Terminate program when scan completes successfully | Not available in Malwarebytes Endpoint Protection |
| Restart the computer if required for threat removal | Settings > Policies > General > Reboot Options > Enable Restart On – can also specify postpone and time – This policy setting applies to all scheduled and on demand scans for endpoints that are part of a group using this policy. |
Malwarebytes Anti-Malware Exclusions
| Malwarebytes Endpoint Security Policy setting | Malwarebytes Endpoint Protection Policy setting equivalent |
|---|---|
| List of exclusions for files, directories, registry keys, IP Addresses separated by new line | Each entry (Drive, Folder/File, File Extension, MD5 Hash, Registry key, Website/IP address or exclude an application from Web Monitoring) is entered via web based dialog or in bulk via Excel Add-In, and can apply exclusions to one or more Protection areas (Exploit, Ransomware, malware, website or Suspicious Activity) |
Updater
| Malwarebytes Endpoint Security Policy setting | Malwarebytes Endpoint Protection Policy setting equivalent |
|---|---|
| Download Signature updates from the Internet every __ hour(s)
Download Signature updates from a custom path every __ hour(s) |
Not available in Malwarebytes Endpoint Protection |
| Path | |
| Download signature updates from Management Server
Download Signature from alternative source every __ hour(s) if Management server is not accessible for __ hour(s) Download from custom path: Download from the Internet if signature update from custom path fails. |
Not available in Malwarebytes Endpoint Protection |
| Proxy Setting | Set during initial installation of endpoint agent or via CLI. |
Communication
| Malwarebytes Endpoint Security Policy setting | Malwarebytes Endpoint Protection Policy setting equivalent |
|---|---|
| Communication automatically check policy update (every 5 seconds or 1-9999 minutes) | All policy communication is done automatically as needed (policy changes, endpoint moved from one policy/group to another) |
| Proxy (Do not use, Use Windows Proxy setting) | Uses the system wide proxy setting set at initial install or via CLI. |
Anti-Exploit
| Malwarebytes Endpoint Security Policy setting | Malwarebytes Endpoint Protection Policy setting equivalent |
|---|---|
| Enable Anti-Exploit Protection | Windows > Settings > Exploit Protection On |
| Automatically upgrade Anti-Exploit on Clients | Endpoint Agent is automatically updated, no option to change in Malwarebytes Endpoint Protection. |
| Do not show alert popup upon exploit detection | Endpoint Interface Options > Real-time Notifications On |
| Show protection events in Anti-Exploit clients | Endpoint Interface Options > Real-time Notifications On |
| Do not show Anti-Exploit traybar icon and program interface | Policy > Endpoint Interface Options > Show Icon in Notification Area = On/Off |
| Show Anti-Exploit balloon notifications on clients | Policy > Endpoint Interface Options > Real-time notifications = On/Off |
| Anti-Exploit shielded applications | Policy > Windows > Settings > Real-Time Protection > Exploit Protection = On/Manage Protected Applications |
| Advanced | Policy > Windows > Settings > Real-Time Protection > Exploit Protection = On/Advanced Settings |
Anti-Exploit Exclusions
| Malwarebytes Endpoint Security Policy setting | Malwarebytes Endpoint Protection Policy setting equivalent |
|---|---|
| List of exclusions in MD5 signature format and an optional filename | List of exclusions for files, directories, registry keys, IP Addresses separated by new line. Each entry (Drive, Folder/File, File Extension, MD5 Hash, Registry key, Website/IP address or exclude an application from Web Monitoring) is entered via web based dialog or in bulk via Excel Add-In, can apply exclusions to one of more Protection areas (Exploit, Ransomware, malware, website or Suspicious Activity) |
Anti-Ransomware
| Malwarebytes Endpoint Security Policy setting | Malwarebytes Endpoint Protection Policy setting equivalent |
|---|---|
| Enable Anti-Ransomware Protection | Windows > Settings > Behavior Protection On |
| Exclusion List | List of exclusions for files, directories, registry keys, IP Addresses separated by new line. Each entry (Drive, Folder/File, File Extension, MD5 Hash, Registry key, Website/IP address or exclude an application from Web Monitoring) is entered via web based dialog or in bulk via Excel Add-In, can apply exclusions to one of more Protection areas (Exploit, Ransomware, malware, website or Suspicious Activity) |
Admin feature comparison
The following tables highlight features/tabs found in the Malwarebytes Endpoint Security Admin pane. The Malwarebytes Endpoint Protection column shows if an equivalent feature exists, and its location in the Nebula console.
Overview
| Malwarebytes Endpoint Security Admin setting | Malwarebytes Endpoint Protection Admin setting equivalent |
|---|---|
| License for Anti-Malware | Malwarebytes Endpoint Protection has single license for all features – User Name > Profile > License Information |
| License for Anti-Exploit | Malwarebytes Endpoint Protection has single license for all features – User Name > Profile > License Information |
| License for Anti-Ransomware | Malwarebytes Endpoint Protection has single license for all features – User Name > Profile > License Information |
| Set Address Settings | No need to set server address |
Database Settings
| Malwarebytes Endpoint Security Admin setting | Malwarebytes Endpoint Protection Admin setting equivalent |
|---|---|
| SQL, cleanup Settings | Not applicable |
Signature
| Malwarebytes Endpoint Security Admin setting | Malwarebytes Endpoint Protection Admin setting equivalent |
|---|---|
| Current Signature – shown for management server | Shown per endpoint agent – Endpoints > select Endpoint > Overview > Agent Information |
| Update Frequency – Default every 10 minutes | Per Policy – Settings > Policies > Policy Name > General > Protection Updates > Update Frequency – Default check is every hour |
Administrators
| Malwarebytes Endpoint Security Admin setting | Malwarebytes Endpoint Protection Admin setting equivalent |
|---|---|
| Add New User | Settings > Users > New |
| Remove Users | Settings > Users > Delete |
| Import Domain User | Not available in Malwarebytes Endpoint Protection |
| Synchronize User | Not available in Malwarebytes Endpoint Protection |
| List of Users | Settings > Users |
| Add New User | |
| Username, Full Name, Password, Role, Email, Phone | Email Address, User Role, Group Access |
| Role | |
| Administrator | Super Admin |
| User (Permission Settings, Client, Client Group, Policy Report, Admin, Push Install, System Setting) | Administrator – Access to everything within the Nebula console except for editing global settings and can be restricted to certain endpoint groups. Read Only – View everything, but no changes, can be restricted to certain endpoint groups. |