The Business Support Tool removes Nebula and OneView products from endpoints. This includes files, settings, and license information. First, attempt to uninstall the endpoint agent by deleting it in Nebula or OneView. See how to uninstall endpoints from Nebula or OneView.
CAUTION - If the endpoint agent remains on the device after deleting it, consult with Support before running this tool.
To remove the endpoint software from a Windows endpoint that is deleted from the console, download the Support Tool to the desktop, then run it from Command Prompt. In the Command Prompt, you can use switches to specify how to remove the software. A list of switches and instructions on how to use them are in this article.
Make sure to have your Tamper Protection uninstall password or that Tamper Protection is turned off, as you will need to know this to run the tool. For more information, check the corresponding article for your console:
Run the support tool
To run the support tool, download and initiate it from the Windows Command Prompt as an administrator.
- Click here to download the support tool and save it. We recommended saving it to the Desktop. The tool does not work from a network share.
- Open Command Prompt as an administrator.
- In the command window, change the directory to the desktop with the following command.
cd %userprofile%\desktop
- Remove the endpoint agent based on the Tamper Protection settings with the following command. For WSC unregistered errors, these are expected and does not mean the tool has failed.
- If Tamper Protection is enabled:
mb-clean.exe /y /cleanup /noreboot /nopr /epatamperpw "YourTamperProtectionPassword"
-
Note: Replace YourTamperProtectionPassword with the Tamper Protection uninstall password of the endpoint and keep the quotation marks. Check the policy of the endpoint if you forgot the Tamper Protection uninstall password.
-
Note: Replace YourTamperProtectionPassword with the Tamper Protection uninstall password of the endpoint and keep the quotation marks. Check the policy of the endpoint if you forgot the Tamper Protection uninstall password.
- If Tamper Protection is disabled:
mb-clean.exe /y /cleanup /noreboot /nopr /epatoken "NoTamperProtection"
- If Tamper Protection is enabled:
- Reboot the endpoint.
- Open Command Prompt as an administrator and change the target directory to the desktop with the following command:
cd %userprofile%\desktop
- Clean up additional files with the next command.
mb-clean.exe /y /cleanup /noreboot /nopr
- Reboot the endpoint.
- Verify the following directories are deleted. If not, remove them manually:
C:\Program Files\Malwarebytes Endpoint Agent
C:\ProgramData\Malwarebytes Endpoint Agent
C:\Program Files\Malwarebytes
C:\ProgramData\Malwarebytes
Note: Show hidden files and folders to locate the ProgramData folder. For more information, see View hidden files and folders in Windows.
Command line switches
Below is a list of switches you can use to execute the Business Support Tool:
Command line switch | Description |
/y |
Accepts the EULA. Required to run the tool. |
/cleanup |
|
/noreboot |
Optional: Prevents unscheduled reboots after cleanup. Recommended for Servers. |
/nopr |
|
/epatamperpw "YourTamperProtectionPassword" |
|
Find the Support Tool log file
If you run into an issue running the Support Tool, the support team may request the log file to diagnose the issue. To find the log file, head to one of the following directories based on the system type and get the mbst-clean-results.txt file.
-
Workstations - %localappdata%\temp
-
Servers - %systemroot%\temp