Administrators can delete endpoints using the console, which removes them from the Malwarebytes Nebula platform. After a period of time, the deleted endpoint is also removed from the Malwarebytes database. Malwarebytes then uninstalls the agent from from the endpoint. This article explains what happens when you mark endpoints for deletion, and how to perform this action.
Alternatively, you can automate the removal of inactive and obsolete endpoints. For more information, refer to the article Configure Inactive Endpoint Removal option in Malwarebytes Nebula.
When endpoints are marked for deletion using the Nebula console
When you select endpoints for deletion, the following happens:
- The console flags the endpoint for uninstall.
- The console removes the endpoint from the UI. This frees up one of your seat licenses.
- A hidden task is created to delete the endpoint
- If the endpoint is online, the uninstall task is executed immediately
- If the endpoint checks in within 90 days:
- The task is picked up and the endpoint uninstalls Malwarebytes.
- If the endpoint checks in after 90 days:
- The Delete task has expired in the console since the endpoint did not check in within the 90 day period.
- Malwarebytes remains installed on the endpoint and the endpoint re-wp-signup.phps and appears in the console again. You must re-initiate the Delete task in the console.
Delete endpoint groups
When deleting an entire group of endpoints, the group remains in the console as an empty group.
- From the sidebar, go to Endpoints.
- Check the boxes next to endpoints you want to delete.
- In the upper-right, click Actions
- In the drop down menu, click Delete. A warning message displays. If you’re sure you want to continue, click DELETE.
Delete at Windows endpoint
By logging with administrative privileges, you can delete the Malwarebytes agent at the endpoint.
If tamper-proofing is enabled, then either must occur:
- The tamper-proofing password is supplied to the installer.
OR - The endpoint is moved to a group with a policy where tamper-proofing is disabled, and the policy has propagated to the endpoint.
If the endpoint is online, Malwarebytes Nebula is notified and removes the endpoint. If offline, you must manually delete the endpoint from the Nebula console.
Methods available:
- Use Add Remove Programs
- Launch the installer from Windows command line with run-as-administrator
> MSIEXEC /x “<fullpath\Setup.MBEndpointAgent.x64.msi” /quiet /log - For endpoints which may be corrupted or cannot otherwise be deleted normally, then download and run the Malwarebytes Support Tool for business environments to force delete any/all Malwarebytes’ installed products
Delete at macOS Endpoint
If the endpoint is online, Malwarebytes Nebula is notified and removes the endpoint. If offline, you must manually delete the endpoint from the Nebula console.
Methods available:
- Launch EndpointAgentDaemon with the -uninstall option. Note use single quotes for literal string, or blanks should be escaped with \ if the command is scripted:
sudo ‘/Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent/EndpointAgentDaemon’ -uninstall
- For endpoints which may be corrupted or cannot otherwise be deleted normally, you can manually delete them with the following commands:
sudo rm -r /Library/LaunchDaemons/com.malwarebytes.EndpointAgent.plist
sudo rm -r /Library/LaunchDaemons/com.malwarebytes.ncep.rtprotection.daemon.plist
sudo rm -r /Library/LaunchDaemons/com.malwarebytes.ncep.settings.daemon.plist
sudo rm -r ‘/Library/Application Support/Malwarebytes/’
Return to the Malwarebytes Nebula Administrator Guide.
Source : Official Malwarebytes Brand
Editor by : BEST Antivirus KBS Team