Some OneView actions can be performed from the command line to support custom scripting or automation by software deployment and remote monitoring and management (RMM) tools.
The Endpoint Agent Command-line tool, EACmd, is a Windows™ application created to communicate with the Endpoint Agent service. This article covers suggested methods of using EACmd in your scripts or deployment methods.
EACmd works with the Endpoint Agent using the same communication method as the Endpoint Agent Tray program.
- You must open CMD as an administrator and change the directory to: C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\
- Once ready, use the following executable to run commands for the Endpoint Agent: EACmd.
- If an uninstall password is enabled in the endpoint's policy, you will be prompted for the password for certain commands. If you forgot the uninstall password, see Configure Tamper protection options in OneView.
Command Option | Purpose | Requires Tamper Protection? |
-loglevel=VALUE | The level of logging to set for the service. Valid values are Debug and Info. | No |
-assetscan | Runs an asset scan on the endpoint. | No |
-d, -diag | Collect a diagnostic log for the Endpoint Agent service. | No |
-output=VALUE | Sets the output folder for diagnostic logs. The default folder is the Desktop. | No |
-debug | Set the level of logging to debug for the program. | No |
-refreshagentinfo | Update the agent information for the endpoint. This will immediately post the information to the cloud console. | No |
-updateprotection | Manually retrieves the freshest rules from the console and updates the protection service. | No |
-updatesoftware | Manually checks for software and definitions updates and, if one exists, downloads and then installs (or pauses) it based on policy settings. For Patch Management customers, this command also updates supported third-party applications. | No |
-versions | Displays version information for all Endpoint Agent components and plugins. | No |
-runpendingsoftwareupdate | Manually checks for pending software updates, and if one exists, it is installed regardless of policy settings. | No |
-h, -help | Display a usage message for the EACmd program with all of the options. | No |
-syncnow | Forces a sync with the OneView cloud platform. | No |
-testconnections | Tests connection to a list of servers. See detailed description below. | No |
-certcheck=VALUE | Checks whether the file passes a signature check. | No |
-getmachineids | Displays the current Account ID, Machine ID, and OneView Machine ID of the endpoint. Note: If values are null/empty, then the Management Agent is not registered with the console. | No |
-verifyaccounttoken=VALUE | Checks if the supplied account token matches the currently stored account token, returning 0 if matched. Note: This can be used in scripting to check if an endpoint is associated with the correct account. | No |
-changeaccounttoken=VALUE | Changes the current account token and forces this single endpoint to register as a new endpoint in the default Group in a different OneView Site. See Move an endpoint between Nebula accounts or OneView sites for more detail. Administrative privileges required. | Yes |
-proxy.server=VALUE | Changes the current proxy server address. Administrative privileges required. | Yes |
-proxy.bypassOnLocal=VALUE | Enable or disable bypass proxy. Administrative privileges required. | Yes |
-proxy.port=VALUE | Changes the current proxy port number. Administrative privileges required. | Yes |
-proxy.user=VALUE | Changes the current proxy username. Administrative privileges required. | Yes |
-proxy.password=VALUE | Changes the current proxy password. Administrative privileges required. Note: The proxy password is encrypted when stored at the endpoint. | Yes |
-proxy.clear | Clear all proxy settings. Administrative privileges are required. | Yes |
-threatScan | Performs a Threat Scan unless Allow Users to run a threat scan is disabled in the policy. | No |
-resetmachineids | Generates a new Machine ID and OneView Machine ID. | Yes |
Check for Protection Updates via command line (Windows)
This command performs an immediate check for Protection Updates. It is identical to performing a Protection Updates check from the Endpoints screen in the console.
Scans perform this check before scanning. The Protection Updates check also ensures Real-Time Protection uses the most recent updates.
Syntax
"C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe" -updateprotection
Check for Software Updates via command-line (Windows)
This command immediately checks for updates to the Endpoint Agent software on the endpoint. It is identical to performing a Software Updates check from the Endpoints screen in the console.
Any manual check for Software Updates ignores the Pause Software Updates policy setting.
Syntax
"C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe" -updatesoftware
Get OneView Machine ID via command-line (Windows)
This command displays the current Account ID, Machine ID, and OneView Machine ID.
Syntax
"C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe" -getmachineids
Reset OneView Machine ID via command-line (Windows)
This command generates a new Machine ID and OneView Machine ID.
Use the command if the Endpoint Agent software was deployed improperly using a cloned Windows OS image.
To verify these changes, run the Get OneView Machine ID command before and after running the Reset OneView Machine ID command.
Note: If the endpoint is a virtual machine, verify the VM hardware profile has a unique UUID and is not a duplicate or clone.
Syntax
"C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe" -resetmachineids
Test connections
This command instructs the Management agent to test connections to a list of URLs.
For each URL tested, if ExpectedStatusCode matches the received StatusCode, the Result will be true (success); otherwise, false (failure) will be returned.
If any Result is false, a message "Command complete: Network Test Failure (1232) - an error occurred during network testing" will be shown.
Syntax
"C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe" -testconnections
Note:
- There may be individual, transient failures.
- If there are multiple or consistent failures, check Network access requirements and firewall settings. As of June 2023, URL link Telemetry has been removed and will return false. An update to EACMD will resolve this shortly.
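
The following is an added example, not Malwarebytes code: an RMM health check in PowerShell that combines -verifyaccounttoken from the table above with -testconnections, retrying the connection test so a single transient failure is not reported. It assumes that "returning 0" means the process exit code and that EACmd writes its messages as console text; the environment variable name EXPECTED_ACCOUNT_TOKEN is hypothetical.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell session.
$EACmd = 'C:\Program Files\Malwarebytes Endpoint Agent\UserAgent\EACmd.exe'
# Failure text quoted in the "Test connections" section of this article.
$NetFailText = 'Network Test Failure (1232)'

function Test-AccountToken {
    param([Parameter(Mandatory)][string]$Token)
    # The article states -verifyaccounttoken returns 0 on a match.
    # Assumption: that value is the process exit code.
    # Arguments are visible to process-creation auditing where command-line
    # logging is enabled, so handle the token as a logged value.
    & $EACmd "-verifyaccounttoken=$Token" | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Test-AgentConnections {
    param([int]$Attempts = 3, [int]$DelaySeconds = 30)
    # Individual failures can be transient, so report a failure only
    # when every attempt shows the failure message (or no output at all).
    for ($i = 1; $i -le $Attempts; $i++) {
        # Assumption: EACmd writes its results to stdout/stderr as text.
        $output = (& $EACmd -testconnections 2>&1 | Out-String).Trim()
        $failed = ($output.Length -eq 0) -or
                  ($output -match [regex]::Escape($NetFailText))
        if (-not $failed) { return $true }
        if ($i -lt $Attempts) { Start-Sleep -Seconds $DelaySeconds }
    }
    return $false
}

if (-not (Test-Path -LiteralPath $EACmd)) {
    Write-Output 'EACmd.exe not found at the default Endpoint Agent path.'
    exit 2
}

# Hypothetical variable name: the RMM tool supplies the expected token
# through the environment so it is not hard-coded in the script.
$expected = $env:EXPECTED_ACCOUNT_TOKEN
if ([string]::IsNullOrEmpty($expected)) {
    Write-Output 'No expected account token supplied.'
    exit 2
}

$tokenOk = Test-AccountToken -Token $expected
$netOk   = Test-AgentConnections
Write-Output "AccountTokenMatch=$tokenOk ConnectionsOk=$netOk"
if ($tokenOk -and $netOk) { exit 0 } else { exit 1 }
```

On EACmd builds affected by the Telemetry note above, the connection check will keep reporting a failure until the updated EACmd is installed.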