Deploying Malwarebytes as a Custom App

By Jonathan Connor

How to deploy Malwarebytes Endpoint Protection to your Mac computers as a custom app.

This guide is for Malwarebytes Endpoint Protection. As with all Custom Apps, we urge you to test this thoroughly before deploying to a Mac that is in production.

Download Required Components

Add a Custom Profile

  1. Click Library in the left-hand navigation bar.
  2. Click Add New in the upper right-hand corner.
  3. Click Custom Profile from the Add New window.

Configure the Custom Profile

  1. Give the profile a Name.
  2. Assign your custom profile to a test Blueprint.
  3. Set Device Families to Mac.
  4. Upload the profile that you downloaded previously from Malwarebytes (Malwarebytes_Protection_profile_10_15.mobileconfig). 
  5. Save your custom profile.

Add and Configure the Notifications Profile

Repeat the Add and Configure steps above for the profile to allow notifications for Malwarebytes that you downloaded previously from the Kandji Support GitHub repo.

Add and Configure the Background Items (Service Management) Profile

Repeat the Add and Configure steps above for the profile to allow background items for Malwarebytes that you downloaded previously from the Kandji Support GitHub repo.

When adding this profile, add an Assignment Rule to only apply the profile to computers where the OS Version for macOS is greater than or equal to 13.0, as shown below.

Once the rule saved, it will show on the main Library Item page:

Using an Assignment Rule for the service management payload ensures this payload is only deployed to Mac computers running macOS Ventura or later. The audit and enforcement script provided by Kandji for Malwarebytes only checks for the presence of the service management payload on macOS Ventura or later.

Keeping these three profiles separate allows you to update each one independently—in case, for example, Malwarebytes makes changes to their provided profile. Be sure to add the notifications and service management profiles to the same Blueprint(s) as the Malwarebytes profile.

Add a Custom App

  1. Click Library on the left-hand navigation bar.
  2. Click Add New in the upper right-hand corner.
  3. Click Custom App from the Add New window

Configure the Custom App

  1. Give your custom app a Name.
  2. Assign your custom app to a test Blueprint.
  3. Select Audit and Enforce as the execution frequency.
  4. Paste the audit script for Malwarebytes that you downloaded previously from the Kandji Support GitHub repo into the Audit Script text field (no modifications needed).
  5. Select the Installer Package option.
  6. Upload the installer package (Setup.MBEndpoint...) that you downloaded previously from Malwarebytes.
    1. Important: Your organization's unique auth token will be displayed in the filename; you'll need it for the next step.
  7. Click Add Postinstall Script, and copy/paste the script from the box below.

    Replace the string YOURAUTHTOKEN with the auth token from the filename of the package. You can copy/paste it from the package description displayed in step 6 once it finishes uploading; it is the value between the underscores. For example, if the package name included the string __C76D2A55-E74B-439A-B0E6-3995CC29D465__, the auth token would be C76D2A55-E74B-439A-B0E6-3995CC29D465.
    #!/bin/sh

    '/Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent/EndpointAgentDaemon.app/Contents/MacOS/EndpointAgentDaemon' ACCOUNTTOKEN=YOURAUTHTOKEN
    /bin/launchctl unload /Library/LaunchDaemons/com.malwarebytes.agent.daemon.plist
    /bin/launchctl load /Library/LaunchDaemons/com.malwarebytes.agent.daemon.plist 
  8. Click Save
When the installation process finishes, the Malwarebytes management agent registers, and the Mac appears in the Malwarebytes Nebula platform console. This may take a few minutes to complete.