Deploying Malwarebytes as a Custom App

Learn how to deploy Malwarebytes Endpoint Protection to your Mac computers as a custom app

This guide is for Malwarebytes Endpoint Protection. As with all Custom Apps, we urge you to test this thoroughly before deploying to a Mac that is in production.

Prerequisites

•  Malwarebytes installer for your organization (Setup.MBEndpoint...) from the Downloads > Endpoint Installers > Mac section of the Nebula portal.
• Your organization's unique auth token
• Malwarebytes System Extension and Privacy Preferences Policy Control (PPPC) approval profile from Nebula Support.
• Malwarebytes Notifications Profile (GitHub Link)
• Malwarebytes Service Management Profile (GitHub Link)
• Malwarebytes Audit and Enforce Script (GitHub Link)
• Malwarebytes Postinstall Script (GitHub Link)

Add a Custom Profile

1. Click Library in the left-hand navigation bar.
2. Click Add New in the upper right-hand corner.
3. Click Custom Profile from the Add New window.

Configure the Custom Profile

1. Give the profile a Name.
2. Assign your custom profile to your desired Blueprint.
3. Set Install On to Mac.
4. Optionally, configure Assignment Rules.
5. Upload the System Extension and PPPC profile that you downloaded previously from Nebula Support.
6. Save your custom profile.

Add and Configure the Notifications Profile

Repeat the Add and Configure steps above for the profile Malwarebytes Notifications Profile.

Add and Configure the Service Management Profile

Repeat the Add and Configure steps above for the profile Malwarebytes Service Management Profile

When adding this profile, add an Assignment Rule  to apply the profile only to computers running macOS 13.0 or greater.

Once the rule is saved, it will show on the main Library Item page:

Using an Assignment Rule for the service management payload ensures this payload is only deployed to Mac computers running macOS Ventura or later. The audit and enforcement script provided by Kandji for Malwarebytes only checks for the presence of the service management payload on macOS Ventura or later. Keeping these three profiles separate allows you to update each one independently. Be sure to add the notifications and service management profiles to the same Blueprint(s) as the Malwarebytes Custom App.

Add a Custom App

1. Click Library on the left-hand navigation bar.
2. Click Add New in the upper right-hand corner.
3. Click Custom App from the Add New window

Configure the Custom App

1. Give your custom app a Name.
2. Assign your custom app to a test Blueprint.
3. Optionally configure Assignment Rules.
   
4. Select Audit and Enforce as the execution frequency.
5. Paste the audit script for Malwarebytes that you downloaded previously into the Audit Script text field.
   
6. Select the Installer Package option.
7. Upload the installer package (Setup.MBEndpoint...) that you downloaded previously from Malwarebytes. Your organization's unique auth token will be displayed in the filename; you'll need it for the next step.
8. Click Add Postinstall Script, and copy/paste the postinstall script you downloaded in the prerequisites above.  Be sure to update the COMPANY_TOKEN variable with your organization's unique auth token.
9. Click Save.

When the installation process finishes, the Malwarebytes management agent registers, and the Mac appears in the Malwarebytes Nebula platform console. This may take a few minutes to complete.