For communication to flow between the console and endpoints, you must adjust your firewall and software exclusions, as well as your customer's. This article lists internal network recommendations, external access requirements, and recommended exclusions that apply to OneView.
File and Printer Sharing
We recommend using Administrator shared folders to perform network tasks, such as installations. To use them, you must enable File and Printer Sharing on your endpoints.
The location of File and Printer Sharing options depends on which operating system your endpoint uses. Consult your operating system guide for additional information.
External Access Requirements
Allow the following addresses through your firewall or other security software. Endpoint Agents use the sites below to reach our services.
You must allow or exclude all addresses on port 443, outbound.
Address | Purpose | Date Added |
https://api.threatdown.com | Used to communicate with our Public APIs. | 9/12/2024 |
https://ars.cloud.threatdown.com | Used to allow access for Active Response Shell. | 9/12/2024 |
https://arsws.cloud.threatdown.com | Used to allow websocket connection for Active Response Shell. | 9/12/2024 |
https://telemetry.threatdown.com | Used to communicate telemetry and threat information to our servers. More information on our telemetry can be found in our Privacy Policy. | 9/12/2024 |
https://cdn.threatdown.com | Used to deliver updates to products. | 9/12/2024 |
https://oneview.threatdown.com | Used to access the OneView admin console. | 9/9/2024 |
https://cloud.threatdown.com | Used to access the Nebula admin console. | 9/9/2024 |
https://ark.threatdown.com | Used to deliver updates to products. | 8/29/2024 |
https://sirius.threatdown.com | Used to check for updates for both the product version and the protection database. | 8/29/2024 |
https://*.cloudflare-gateway.com | Used for the DNS Filtering module. | 2023 |
https://cosmos-shuriken-samples-mb-prod.s3.amazonaws.com/ | Used to process samples sent from the endpoint agent. | 2023 |
https://ars.cloud.malwarebytes.com | Used to allow access for Active Response Shell. | 2022 |
https://arsws.cloud.malwarebytes.com | Used to allow websocket connection for Active Response Shell. | 2022 |
https://api.malwarebytes.com | Used to communicate with our Public APIs. | 2021 |
https://storage.gra.cloud.ovh.net | Used to upload suspicious files for sandbox analysis for Endpoint Detection and Response. | 2021 |
https://oneview.malwarebytes.com | Used to access the OneView admin console. | 2019 |
https://cloud.malwarebytes.com | Used to access the Nebula admin console. | 2019 |
https://socket.cloud.malwarebytes.com | Used to provide real-time communication between the endpoint agent and OneView. | 2019 |
https://detect-remediate.cloud.malwarebytes.com | Used to provide Endpoint Detection and Response capabilities. | 2019 |
https://downloads.malwarebytes.com | Used to download our packages and unmanaged remediation utilities. | 2019 |
https://links.malwarebytes.com | Used to access product documentation through OneView. | 2019 |
https://telemetry.malwarebytes.com | Used to communicate telemetry and threat information to our servers. More information on our telemetry can be found in our Privacy Policy. | 2019 |
https://ark.mwbsys.com | Used to deliver updates to products. | 2019 |
https://blitz.mb-cosmos.com | Used to upload files for research and analysis. | 2019 |
https://cdn.mwbsys.com | Used to deliver updates to products. | 2019 |
https://keystone.mwbsys.com | Used to validate product licensing. | 2019 |
https://keystone-akamai.mwbsys.com | Used to validate product licensing. | 2019 |
https://meps.mwbsys.com | Used to validate the Ransomware Extinction Prevention system in OneView. | 2019 |
https://repositories.mwbsys.com | Used to download the Linux installation packages. | 2019 |
https://sirius.mwbsys.com | Used to check for updates for both the product version and the protection database. | 2019 |
https://hubble.mb-cosmos.com | Used to validate threats against servers for better protection and to reduce false positives. | 2019 |
https://data-cdn.mbamupdates.com | Used to deliver updates to products. | 2019 |
https://data-cdn-static.mbamupdates.com | Used to deliver updates to products. | 2019 |
https://nebula-agent-installers-mb-prod.s3.amazonaws.com | Used to download the endpoint agent installer and component package updates. | 2019 |
https://nebula-diagnostics-mb-prod.s3.amazonaws.com | Used to provide diagnostic data from the endpoint agent to OneView. | 2019 |
https://nebula-helix-syslog-mb-prod.s3.amazonaws.com | Used to provide syslog functionality between the endpoint and OneView. | 2019 |
Notes:
- We do not allow packet inspection, as it interferes with the service protocols.
- If your network uses packet inspection, an inspection bypass is required.
- We support proxy configuration, using built-in functions.
- Pass-through proxy configuration is recommended.
- Dynamic proxy configuration is not supported.
- To test the Endpoint Agent connection, see: Use the Endpoint Agent Command-line tool with OneView.
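The following is an added example, not part of the vendor's documentation or tooling: a Python check that reads rows in the table's layout and reports required addresses that a firewall log shows as denied on outbound port 443. The log format, the shortened purpose text, the sample log lines and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Rows in the table's "URL | purpose | date |" layout (purpose text shortened here).
ALLOWLIST_ROWS = """\
https://api.threatdown.com | Public APIs | 9/12/2024 |
https://sirius.threatdown.com | Update checks | 8/29/2024 |
https://*.cloudflare-gateway.com | DNS Filtering module | 2023 |
https://cosmos-shuriken-samples-mb-prod.s3.amazonaws.com/ | Sample processing | 2023 |
"""

# Constructed firewall log; the "ACTION host port" format is an assumption.
SAMPLE_LOG = """\
DENY api.threatdown.com 443
ALLOW sirius.threatdown.com 443
DENY abc123.cloudflare-gateway.com 443
DENY cloudflare-gateway.com 443
DENY example.org 443
DENY api.threatdown.com 80
"""

def parse_allowlist(rows):
    patterns = []
    for row in rows.splitlines():
        url = row.split("|", 1)[0].strip()
        if url.startswith("https://"):  # skips the header row and blank lines
            patterns.append(urlsplit(url).netloc.lower())
    return patterns

def is_required(host, patterns):
    host = host.lower().rstrip(".")
    for pattern in patterns:
        # A "*." entry matches subdomains only, never the apex itself.
        wildcard = pattern.startswith("*.") and host.endswith(pattern[1:])
        if host == pattern or (wildcard and len(host) >= len(pattern)):
            return True
    return False

def blocked_agent_traffic(log, patterns):
    """Required hosts the firewall denied on outbound 443, in first-seen order."""
    blocked = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[0] == "DENY" and fields[2] == "443":
            host = fields[1]
            if is_required(host, patterns) and host not in blocked:
                blocked.append(host)
    return blocked

if __name__ == "__main__":
    print(blocked_agent_traffic(SAMPLE_LOG, parse_allowlist(ALLOWLIST_ROWS)))
```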
Exclude OneView from other applications
We recommend adding specific software exclusions if you use additional security software with OneView. For more information, see Exclusions for using Nebula with other security applications.