GUIDE TO INTEGRATION IMPLEMENTATION
4110 George Road, Tampa, FL 33634 | 813-463-4740 | [email protected]
Contents
Requirements
Installation Scenarios
  Malwarebytes 2.xx or 1.75 is already deployed.
Install / Update Malwarebytes Plugin
Configuring Malwarebytes Plugin
About the Screens
  System Dashboard
    Settings Tab
    Client Licenses Tab
    Global Ignore List Tab
    Policy Manager Tab
    Deployment History Tab
  Client Screen
    Home Tab
    Computers Tab – Anti-Malware
    Computers Tab – Anti-Exploit
    Deployment Tab
    Quarantine Tab
    Ignored Items Tab
  Location Screen
    Deployment Tab
  Computer Screen
    Status Tab
    Scan History Tab
    Threat History Tab
    Quarantine Tab
    Ignore List Tab
Policy Management
  Custom Policies
    Export to File
    Create Custom Policy
  Default Policy
  Silent Policy
  Aggressive Policy
Known Issues
  System Dashboard
Requirements
The Malwarebytes Plugin is designed around the following assumptions and minimum requirements.
The plugin is designed for, and will only install on, LabTech 10 or above. The installer will tell you if it is unable to proceed because of this requirement.
Malwarebytes Anti-Malware version 1.8 (LabTech) is required for full compatibility with this plugin. Any existing installations of Malwarebytes Anti-Malware 2.x or 1.75 must be removed manually first (see Installation Scenarios).
Malwarebytes Anti-Malware installation must be handled by the plugin, because the plugin applies settings that are required for the log and scan history to be collected correctly.
If you use a tool such as Ninite to maintain third-party applications, exclude Malwarebytes from its updates; otherwise it can upgrade the agent to a 2.x release that the plugin does not support, and collection for that computer will stop.
Installation Scenarios
The following scenario applies to existing Malwarebytes Anti-Malware users that already have the software deployed.
Malwarebytes 2.xx or 1.75 is already deployed.
The plugin is designed solely for Malwarebytes Anti-Malware 1.8. Malwarebytes Anti-Malware 2.x or 1.75 must be removed from the computer before information will be collected correctly.
You can trigger the uninstall from the Status tab on the Computer Screen, or from the Deployment tab on the Client or Location Screen.
Note: Malwarebytes Anti-Malware 1.75 is similar enough to 1.8 that the plugin will still collect information from it, but this is not supported. A monitor alerts you to computers that still have 1.75 installed so that 1.8 can be deployed to them.
Install / Update Malwarebytes Plugin
WARNING: Installing or updating the Malwarebytes Plugin causes the LabTech Database Agent to restart immediately, which terminates any scripts that are currently running. Before installing the plugin, ensure that all scripts have completed.
For additional information, refer to View Running Scripts.
1. Perform a System Backup.
2. Download the Malwarebytes Plugin Installation Utility from:
http://download.labtechplugins.com/malwarebytes/MalwarebytesPluginInstaller.exe
Because this link is plain HTTP, download it on a trusted network and verify the downloaded file (for example its publisher signature) before running it with Super Admin credentials.
3. Launch the Malwarebytes Plugin Installer.
The installer can be run from anywhere as long as it can connect to the LabTech Server over HTTP or HTTPS. Prefer HTTPS: the credentials entered in the next step are Super Admin credentials, and over plain HTTP they cross the network unencrypted.
4. Enter your LabTech credentials:
Enable HTTP Tunnel must be enabled on the user account you use to log in.
Super Admin permissions are required for plugin installation.
Server Address must begin with http:// or https://.
Username and Password are case sensitive.
5. Install the Plugin.
6. The LabTech Database agent service will restart once the Installation is complete.
7. Exit the Installer.
8. Restart the LabTech Control Center.
Configuring Malwarebytes Plugin
Ensure that you have restarted the LabTech Control Center after installing or updating the Malwarebytes Plugin.
1. Navigate to the Malwarebytes Global Settings, located under System Dashboard > Config > Integration > Malwarebytes.
2. Enter the license details for Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit into the appropriate section on the Settings tab.
NOTE: Please take note of the following.
License keys entered on this screen are used globally unless a client license key is defined (on the Client Licenses tab).
Once a license key has been saved, it cannot be modified without being removed.
Removing a license key triggers an Uninstall command to every Malwarebytes installation registered with that key. Treat key removal as a destructive change: confirm which clients are registered with the key before removing it, because those endpoints lose protection until a new key is in place and the product is redeployed.
3. Enable Password Protection and, if enabled, specify the password to use. Password protection limits access to certain features of Malwarebytes Anti-Malware; the password is required to reach those features, so a local user cannot change them without it.
NOTE: Please take note of the following:
Passwords are for Malwarebytes Anti-Malware only.
Passwords cannot contain double quotes (").
Passwords are only configured during the installation of Malwarebytes Anti-Malware and are not applied to pre-existing installations.
4. Configure Installation Options. Malwarebytes has a few limited options that control the installation of Malwarebytes Anti-Malware; you can select the following to be applied to new installations:
Disable Desktop Icon
Disable Start Menu Icons
Enable Password Protection
5. Configure Auto Deployment to have the plugin automatically deploy both Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit. Enable the Auto Deployment option and then configure which clients have auto deployment enabled.
Once enabled, click the Configure button to continue with the deployment setup; it is just a matter of checking the boxes to enable Auto Deployment for each client.
NOTE: Please take note of the following:
Auto Deployment is handled by the LabTech Server, which runs the auto deployment functions once every 6 minutes.
If an installation fails, Auto Deployment will not re-attempt the installation on that computer for 24 hours.
Malwarebytes will not be deployed to any device or location that is excluded from Auto Deployment (configurable on the Computer Screen or Location Screen).
The installation process uses the Product ID and License Key from the Client Licenses tab first; if no client-specific record exists, it falls back to the global values. If neither has been defined, Malwarebytes will NOT be installed.
Malwarebytes Auto Deployment is for Windows computers only.
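The rules in the note above decide, every 6 minutes, whether a given computer receives an install. The following Python model is an added example, not the plugin's own code: it encodes those documented rules (global switch, per-client switch, Windows only, location and computer exclusions, client-then-global license fallback, and the 24-hour hold after a failure) so an operator can work out why a computer was or was not deployed to. The data classes, field names and the sample fleet are assumptions constructed for the example; the product IDs and keys are placeholders.

```python
"""Model of the Auto Deployment eligibility rules documented in this guide.
Added example (not the plugin's code); data classes and sample data are assumed."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

RETRY_WINDOW = timedelta(hours=24)  # documented: no re-attempt for 24 hours after a failed install


@dataclass
class License:
    product_id: str
    key: str


@dataclass
class GlobalSettings:
    auto_deploy_enabled: bool          # "Enable Auto Deployment" on the Settings tab
    licenses: dict                     # product -> License entered on the Settings tab


@dataclass
class Client:
    name: str
    auto_deploy: dict                  # product -> bool, the boxes behind the Configure button
    licenses: dict = field(default_factory=dict)   # client-specific overrides (Client Licenses tab)


@dataclass
class Location:
    name: str
    excluded: set = field(default_factory=set)     # products excluded on the Location Screen


@dataclass
class Computer:
    name: str
    os: str
    excluded: set = field(default_factory=set)     # products excluded on the Computer Screen
    last_failed_install: dict = field(default_factory=dict)  # product -> datetime of last failure


def resolve_license(settings: GlobalSettings, client: Client, product: str) -> Optional[License]:
    """Client License record first, then the global value, else None (nothing is installed)."""
    return client.licenses.get(product) or settings.licenses.get(product)


def deployment_decision(settings, client, location, computer, product, now):
    """Return (deploy, reason) for one product on one computer, checking the documented rules in order."""
    if not settings.auto_deploy_enabled:
        return False, "auto deployment disabled globally"
    if not client.auto_deploy.get(product, False):
        return False, f"auto deployment not enabled for {product} at client {client.name}"
    if computer.os.lower() != "windows":
        return False, "auto deployment is for Windows computers only"
    if product in location.excluded:
        return False, f"location {location.name} excluded from {product} auto deployment"
    if product in computer.excluded:
        return False, f"computer {computer.name} excluded from {product} auto deployment"
    if resolve_license(settings, client, product) is None:
        return False, "no client or global license defined; product will NOT be installed"
    failed = computer.last_failed_install.get(product)
    if failed is not None and now - failed < RETRY_WINDOW:
        return False, "install failed within the last 24 hours; not retrying yet"
    return True, "eligible: install will be issued on the next 6-minute cycle"


def sample_fleet():
    """Constructed sample data for the example; names and keys are placeholders, not real values."""
    now = datetime(2015, 6, 1, 9, 0)
    settings = GlobalSettings(True, {"anti-malware": License("PID-GLOBAL", "KEY-GLOBAL")})
    client = Client("Example Client", auto_deploy={"anti-malware": True, "anti-exploit": True})
    hq, branch = Location("HQ"), Location("Branch", excluded={"anti-malware"})
    computers = [
        (hq, Computer("WS01", "Windows")),
        (hq, Computer("WS02", "Windows", last_failed_install={"anti-malware": now - timedelta(hours=3)})),
        (hq, Computer("WS03", "Windows", last_failed_install={"anti-malware": now - timedelta(hours=25)})),
        (hq, Computer("MAC01", "macOS")),
        (branch, Computer("WS04", "Windows")),
    ]
    return settings, client, computers, now


def run_sample() -> dict:
    """Map 'computer/product' -> (deploy, reason) for every computer and product in the sample fleet."""
    settings, client, computers, now = sample_fleet()
    decisions = {}
    for location, computer in computers:
        for product in ("anti-malware", "anti-exploit"):
            decisions[f"{computer.name}/{product}"] = deployment_decision(
                settings, client, location, computer, product, now)
    return decisions


if __name__ == "__main__":
    for key, (deploy, reason) in run_sample().items():
        print(f"{key:22} {'DEPLOY' if deploy else 'skip  '} {reason}")
```

In the sample, only Anti-Malware has a license, so every Anti-Exploit decision is a skip even though the client has it enabled; that is the failure mode the note warns about, and it is silent unless you look at the reason.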
About the Screens
The Malwarebytes Plugin adds tabs to your LabTech system. These tabs let you configure settings, review collected information and interact directly with Malwarebytes. A brief overview of each tab follows.
System Dashboard
The System Dashboard tab for Malwarebytes is primarily used for configuring settings such as licensing, auto deployment and policy management; you can also get an overview of the auto deployment process from here.
Settings Tab
Option | Default | Description
Anti-Malware Product ID and License Key | Not Entered | Registration details for Anti-Malware deployment; can be overridden by a client-specific key.
Anti-Exploit Product ID and License Key | Not Entered | Registration details for Anti-Exploit deployment; can be overridden by a client-specific key.
Disable Desktop Icon | Disabled | Prevents Malwarebytes Anti-Malware from creating a desktop icon on installation.
Disable Start Menu Icons | Disabled | Prevents Malwarebytes Anti-Malware from creating start menu icons on installation.
Enable Password Protection | Disabled | Specifies a password that is required to access certain functionality of the Malwarebytes Anti-Malware product.
Enable Auto Deployment | Disabled | Allows the plugin to automatically deploy both the Anti-Malware and Anti-Exploit products, as configured using the Configure button.
Client Licenses Tab
The Client Licenses tab lets you specify product registration information for Anti-Malware and Anti-Exploit specific to a customer; values defined here are used in place of the globally defined registration information.
You can remove a record by right-clicking it in the summary window and selecting Remove License.
Global Ignore List Tab
The global ignore list defines items for Malwarebytes Anti-Malware to ignore, that is, exclude from scans. The ignore list is applied to agents when Malwarebytes Anti-Malware is installed.
Keep entries as narrow as possible. Anything placed in an excluded folder, or matching an excluded file or key, is never scanned, so a broad exclusion such as C:\Windows or a whole drive gives an attacker an unscanned place to stage files on every computer that receives the list.
Item classes and required input formats:
Item Class | Format | Example
File | <Drive>\<Directory>\<File> | C:\Windows\file.exe
Folder | <Drive>\<Directory> | C:\Windows\LTSvc
Key | <hive>\<key> | "HKLM\Software\Key"
IP | xxx.xxx.xxx.xxx (each octet 0-255) | 192.0.2.10
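The following Python validator is an added example, not part of the plugin. It checks an entry against the four formats in the table before it is entered, rejects an IPv4 address with an octet above 255, and refuses folder exclusions broad enough to blind the scanner. The plugin's own input handling is not documented on this page, so the accepted hive abbreviations and the list of over-broad folders are assumptions chosen for the example.

```python
"""Validator for Global Ignore List entries (File, Folder, Key, IP).
Added example, not the plugin's code; hive names and the over-broad folder list are assumed."""
import ipaddress
import re

# A Windows drive path: drive letter, colon, backslash, then path components
# made of characters Windows allows in file names.
_COMPONENT = r'[^\\/:*?"<>|\r\n]+'
_DRIVE_PATH = re.compile(rf'^[A-Za-z]:\\(?:{_COMPONENT}\\)*{_COMPONENT}$')

# Assumed hive abbreviations; the guide's own example uses HKLM.
_HIVES = {"HKLM", "HKCU", "HKCR", "HKU", "HKCC"}

# Assumed: excluding any of these hides most of the OS or every user profile from scans.
_TOO_BROAD = {"c:\\windows", "c:\\users", "c:\\programdata",
              "c:\\program files", "c:\\program files (x86)"}


def validate_ignore_item(item_class: str, value: str) -> tuple:
    """Return (ok, message). ok is False when the entry should not be added to the list."""
    value = value.strip().strip('"')        # the Key example in the table is shown quoted
    cls = item_class.strip().lower()

    if cls in ("file", "folder"):
        if not _DRIVE_PATH.match(value):
            return False, f"{item_class}: expected <Drive>\\<Directory>[\\<File>], got {value!r}"
        if cls == "folder" and value.lower().rstrip("\\") in _TOO_BROAD:
            return False, f"Folder: {value!r} is too broad; anything written there is never scanned"
        return True, f"{item_class}: ok"

    if cls == "key":
        hive, sep, path = value.partition("\\")
        if hive.upper() not in _HIVES or not sep or not path:
            return False, f"Key: expected <hive>\\<key> with hive in {sorted(_HIVES)}, got {value!r}"
        return True, "Key: ok"

    if cls == "ip":
        try:
            ipaddress.IPv4Address(value)    # rejects octets above 255, e.g. 111.222.33.444
        except ValueError:
            return False, f"IP: {value!r} is not a valid dotted-quad IPv4 address (octets 0-255)"
        return True, "IP: ok"

    return False, f"unknown item class {item_class!r}; expected File, Folder, Key or IP"


def validate_list(entries) -> list:
    """Validate (item_class, value) pairs; return the messages for every rejected entry."""
    return [msg for item_class, value in entries
            for ok, msg in [validate_ignore_item(item_class, value)] if not ok]


if __name__ == "__main__":
    # Constructed sample entries: the table's examples plus two that should be rejected.
    sample = [("File", r"C:\Windows\file.exe"), ("Folder", r"C:\Windows\LTSvc"),
              ("Key", '"HKLM\\Software\\Key"'), ("IP", "192.0.2.10"),
              ("Folder", r"C:\Windows"), ("IP", "111.222.33.444")]
    for problem in validate_list(sample):
        print("REJECT", problem)
```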
Policy Manager Tab
The Policy Manager tab lets you control which policy is used as the default for new installations of Malwarebytes Anti-Malware.
In addition, you can perform the following tasks through a right-click context menu:
Add / Delete Policies
Control which policy is default
Deploy a selected policy through the Push Command
Deployment History Tab
This tab is used to review installation commands for Malwarebytes Anti-Malware and Anti-Exploit. It uses information from the LabTech command history and shows each command in one of three states: Success, Failed and Executing. Check Failed entries first, since Auto Deployment will not retry a failed installation for 24 hours.
Client Screen
The Malwarebytes tab on the Client Screen shows collected information and lets you issue manual deployment commands (Installs and Uninstalls) and interact with Malwarebytes directly.
Home Tab
The Home tab gives a graphical overview of the threat and exploit history of the particular client or location, using a number of numerical widgets and graphs.
Available on:
Client Screen > Malwarebytes Tab
Location Screen > Malwarebytes Tab
Gadget Name | Gadget Description
Current Threats | Number of threats detected by Malwarebytes Anti-Malware in the most recent scan results.
Recent Exploits | Number of exploits detected by Malwarebytes Anti-Exploit in the previous 24 hours.
Quarantined Items | Number of items currently in the Malwarebytes Anti-Malware quarantine.
Anti-Malware Threat Detection | Graph of the number of threats detected by Malwarebytes Anti-Malware over the previous 7 days.
Anti-Exploit Threat Detection | Graph of the number of exploits detected by Malwarebytes Anti-Exploit over the previous 7 days.
Computers Tab – Anti-Malware
Use the Computers tab to view all computers at the client that have Malwarebytes Anti-Malware installed. Selecting a computer in the top part of the window populates the threat history for that computer below.
You can right-click a threat in the threat history to add it to that individual computer's ignore list. Do this only for confirmed false positives: an ignored item is excluded from future scans on that computer.
You can select individual or multiple computers to trigger an On-Demand Scan.
Computers Tab – Anti-Exploit
Use the Computers tab to view all computers at the client that have Malwarebytes Anti-Exploit installed. Selecting a computer in the top part of the window populates the threat history for that computer below.
Deployment Tab
Use the Deployment tab to view all Windows computers at the client. From this tab you can trigger an Install or Uninstall action and control the Auto Deployment status of Malwarebytes products.
Clicking the Enabled / Disabled link in the upper right corner toggles the Auto Deployment status for the selected application. Auto Deployment must be enabled globally for this to take effect.
Quarantine Tab
From this tab you can interact directly with the Malwarebytes quarantine: see all quarantined items at that client and Delete or Restore item(s) as required. Restoring puts the item back on the computer, so restore only items you have confirmed are false positives.
Ignored Items Tab
From this tab you can interact directly with the Malwarebytes Anti-Malware ignore list and remove item(s) from it.
Location Screen
The Malwarebytes tab on the Location Screen shows collected information and lets you issue manual deployment commands (Installs and Uninstalls) and interact with Malwarebytes directly.
All of the tabs on the Location Screen are very similar to those on the Client Screen, except that the data displayed is only for the current location and not the entire client.
Deployment Tab
Use the Deployment tab to view all Windows computers at the location. From this tab you can trigger an Install or Uninstall action and control the Auto Deployment exclusions for Malwarebytes products.
Selecting the Exclude Location Auto-Deployment checkbox excludes the location from having the selected product automatically deployed. These settings are saved on selection.
Computer Screen
The Malwarebytes tab on the Computer Screen shows collected information and lets you issue manual deployment commands (Installs and Uninstalls) and interact with Malwarebytes directly.
Status Tab
From this tab you can exclude the installation of Malwarebytes Anti-Malware or Anti-Exploit on this computer, see the current installation status of both products, and trigger Installs and Uninstalls.
Scan History Tab
From this tab you can see all scan history collected by LabTech for this computer.
Threat History Tab
From this tab you can see all of the threat history collected by LabTech for this computer.
You can right-click a threat in the threat history to add it to this computer's ignore list.
Quarantine Tab
From this tab you can interact directly with the Malwarebytes quarantine: see all quarantined items for this computer and Delete or Restore item(s) as required.
Ignore List Tab
From this tab you can interact directly with the Malwarebytes Anti-Malware ignore list and remove item(s) from it.
Policy Management
The Malwarebytes integration plugin can apply policies and settings to the Malwarebytes agent upon deployment. Pre-configured policies are included with the plugin; the policies and their related settings are listed below.
In addition to the pre-configured policies, you can import custom policy files on the Policy Manager tab.
Custom Policies
Using the Malwarebytes Anti-Malware user interface you can configure settings for the following modules or components and then export them to a file to create a custom policy within LabTech:
Protection Module
General Settings
Scanner Settings
Database & Definition Settings
Schedules
Export to File
To export the settings to a file, use the Malwarebytes Anti-Malware API utility.
The MBAM API utility (mbamapi.exe) is a command-line tool that lets you control aspects of Malwarebytes Anti-Malware. It is located in the Malwarebytes Anti-Malware folder; for installations performed using the integration plugin this is typically:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamapi.exe
Example: mbamapi.exe /export all "c:\export\settings.dat"
Export from a reference machine whose configuration you have reviewed: everything in the exported file, including the scan schedule and the scanner actions, is applied to every computer the policy is deployed to.
Create Custom Policy
Once you have exported your settings file, you can create a new policy for use within LabTech. To do this, navigate to the Policy Manager tab on the System Dashboard under Config > Integration > Malwarebytes > Policy Manager.
1. Click the "Add Policy" button.
2. Enter a descriptive name for the policy you wish to create.
3. Click the Browse button and locate the export file previously created.
4. Click the Save button to add the new policy.
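The following Python helper wraps the export and import steps above with an integrity check. It is an added example, not code from the plugin or from Malwarebytes: it builds the documented mbamapi.exe /export command, runs it only when the executable is present at the path this guide gives, and records a SHA-256 of the resulting file so that the file you browse to in Add Policy can be checked against the one actually exported from the reference machine. The .sha256 sidecar file name is an assumption.

```python
"""Export a Malwarebytes Anti-Malware settings file and record its fingerprint.
Added example, not the plugin's or Malwarebytes' code; the sidecar file name is assumed."""
import hashlib
import os
import subprocess

# Default location given in this guide for installations performed by the plugin.
MBAMAPI = r"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamapi.exe"


def export_command(dest: str, exe: str = MBAMAPI) -> list:
    """argv for the documented export: mbamapi.exe /export all "<dest>"."""
    return [exe, "/export", "all", dest]


def sha256_file(path: str) -> str:
    """Hex SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def export_policy(dest: str, exe: str = MBAMAPI) -> dict:
    """Run the export when mbamapi.exe is present, then fingerprint the produced file.

    If the executable is absent (for example when this is run off the reference
    machine), an existing file at dest is fingerprinted instead of being re-exported."""
    if os.path.exists(exe):
        subprocess.run(export_command(dest, exe), check=True)
    if not os.path.exists(dest):
        raise FileNotFoundError(f"export file not produced: {dest}")
    fingerprint = sha256_file(dest)
    with open(dest + ".sha256", "w", encoding="ascii") as sidecar:   # assumed sidecar name
        sidecar.write(f"{fingerprint}  {os.path.basename(dest)}\n")
    return {"path": dest, "sha256": fingerprint}


def verify_policy(path: str, expected_sha256: str) -> bool:
    """True when the file you are about to Browse to in Add Policy matches the recorded digest."""
    return sha256_file(path) == expected_sha256.strip().lower()


if __name__ == "__main__":
    info = export_policy(r"c:\export\settings.dat")
    print(info["sha256"], info["path"])
```

Keep the .sha256 record with the exported file under change control; when the policy is later re-imported on another LabTech server, or edited and re-exported, verify_policy tells you whether the file being pushed to every endpoint is still the one that was reviewed.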
Default Policy
A pre-defined "Default" policy is deployed to new installations of Malwarebytes Anti-Malware when using the plugin installation options.
For the most part these options are the product defaults, but the highlights are below.
Protection Module
o File System Protection ENABLED
o Malicious Website Blocking ENABLED
o Protection Module is Started with Windows ENABLED
o Automatically quarantine file system threats ENABLED
o Show Tooltip Balloon when File System Threat is Blocked ENABLED
o Show Tooltip Balloon when Malicious Website is Blocked ENABLED
General Settings
o Terminate IE during Threat Removal DISABLED
o Anonymously report usage statistics ENABLED
o Right Click Context Menus ENABLED
o Warn User if Database is Outdated DISABLED
Scanner Settings
o Scan Memory Objects ENABLED
o Scan Start-up Objects ENABLED
o Scan Registry Objects ENABLED
o Scan File System Objects ENABLED
o Scan Additional Items against heuristics ENABLED
o Scan Inside Archives ENABLED
o Advanced Heuristics Engine ENABLED
o Action for Potentially Unwanted Programs (PUP): Show in results and do not remove
o Action for Potentially Unwanted Modifications (PUM): Show in results and remove
o Action for Peer-to-Peer software (P2P): Show in results and do not remove
Database / Definition Updates
o Automatic definition updates are scheduled to run every hour as required.
Scheduled Scans
o A Quick Scan is scheduled to run Each day at 9:00am
Scan Type: Quick
Scan is performed silently from the System Account
Automatically remove and quarantine all threats.
Saves to an XML Log
Computer will NOT restart if required for threat removal
Recovers if missed by 3 hours
Silent Policy
A pre-defined "Silent" policy is also included. It is similar to the Default policy used for deployment, but is configured with the Very Silent option, which disables the System Tray icon. With no tray icon a user has no visible indication that protection is running, so monitor protection status from LabTech rather than relying on the endpoint.
For the most part these options are the product defaults, but the highlights are below.
Protection Module
o File System Protection ENABLED
o Malicious Website Blocking ENABLED
o Protection Module is Started with Windows ENABLED
o Automatically quarantine file system threats ENABLED
o Show Tooltip Balloon when File System Threat is Blocked ENABLED
o Show Tooltip Balloon when Malicious Website is Blocked ENABLED
General Settings
o Terminate IE during Threat Removal DISABLED
o Anonymously report usage statistics ENABLED
o Right Click Context Menus ENABLED
o Warn User if Database is Outdated DISABLED
Scanner Settings
o Scan Memory Objects ENABLED
o Scan Start-up Objects ENABLED
o Scan Registry Objects ENABLED
o Scan File System Objects ENABLED
o Scan Additional Items against heuristics ENABLED
o Scan Inside Archives ENABLED
o Advanced Heuristics Engine ENABLED
o Action for Potentially Unwanted Programs (PUP): Show in results and do not remove
o Action for Potentially Unwanted Modifications (PUM): Show in results and remove
o Action for Peer-to-Peer software (P2P): Show in results and do not remove
Database / Definition Updates
o Automatic definition updates are scheduled to run every hour as required.
Scheduled Scans
o A Quick Scan is scheduled to run Each day at 9:00am
Scan Type: Quick
Scan is performed silently from the System Account
Automatically remove and quarantine all threats.
Saves to an XML Log
Computer will NOT restart if required for threat removal
Recovers if missed by 3 hours
Aggressive Policy
A pre-defined "Aggressive" policy is also included. It is similar to the Default policy used for deployment, but quarantines items more aggressively: Potentially Unwanted Programs (PUP) and Peer-to-Peer software (P2P) are removed rather than only shown in results.
For the most part these options are the product defaults, but the highlights are below.
Protection Module
o File System Protection ENABLED
o Malicious Website Blocking ENABLED
o Protection Module is Started with Windows ENABLED
o Automatically quarantine file system threats ENABLED
o Show Tooltip Balloon when File System Threat is Blocked ENABLED
o Show Tooltip Balloon when Malicious Website is Blocked ENABLED
General Settings
o Terminate IE during Threat Removal DISABLED
o Anonymously report usage statistics ENABLED
o Right Click Context Menus ENABLED
o Warn User if Database is Outdated DISABLED
Scanner Settings
o Scan Memory Objects ENABLED
o Scan Start-up Objects ENABLED
o Scan Registry Objects ENABLED
o Scan File System Objects ENABLED
o Scan Additional Items against heuristics ENABLED
o Scan Inside Archives ENABLED
o Advanced Heuristics Engine ENABLED
o Action for Potentially Unwanted Programs (PUP): Show in results and remove
o Action for Potentially Unwanted Modifications (PUM): Show in results and remove
o Action for Peer-to-Peer software (P2P): Show in results and remove
Database / Definition Updates
o Automatic definition updates are scheduled to run every hour as required.
Scheduled Scans
o A Quick Scan is scheduled to run Each day at 9:00am
Scan Type: Quick
Scan is performed silently from the System Account
Automatically remove and quarantine all threats.
Saves to an XML Log
Computer will NOT restart if required for threat removal
Recovers if missed by 3 hours
Known Issues
System Dashboard
Specifying or changing the password on the System Dashboard applies only to new installations of Malwarebytes. All previously deployed installations continue to use the password specified at the time of installation; because the password is only set during installation, the only way to change it on an existing computer through the plugin is to uninstall and reinstall Malwarebytes Anti-Malware.