For communication to flow between the console and endpoints, you must adjust your firewall and software exclusions. This article lists internal network recommendations, external access requirements, and recommended exclusions that apply to OneView.
File and Printer Sharing
We recommend using Administrator shared folders to perform network tasks, such as installations. To use them, you must enable File and Printer Sharing on your endpoints.
The location of File and Printer Sharing options depends on which operating system your endpoint uses. Consult your operating system guide for additional information.
External Access Requirements
Allow the following addresses through your firewall or other security software. Endpoint Agents use the sites below to reach our services.
You must allow or exclude all addresses on port 443, outbound.
Address | Purpose |
https://oneview.malwarebytes.com https://oneview.threatdown.com | Used to access the OneView admin console. |
https://cloud.malwarebytes.com https://cloud.threatdown.com | Used to access the Nebula admin console. |
https://socket.cloud.malwarebytes.com | Used to provide real-time communication between the endpoint agent and OneView. |
https://ars.cloud.malwarebytes.com https://ars.cloud.threatdown.com | Used to allow access for Active Response Shell. |
https://arsws.cloud.malwarebytes.com https://arsws.cloud.threatdown.com | Used to allow websocket connection for Active Response Shell. |
https://detect-remediate.cloud.malwarebytes.com | Used to provide Endpoint Detection and Response capabilities. |
https://api.malwarebytes.com https://api.threatdown.com | Used to communicate with our Public APIs. |
https://downloads.malwarebytes.com | Used to download our packages and unmanaged remediation utilities. |
https://links.malwarebytes.com | Used to access product documentation through OneView. |
https://telemetry.malwarebytes.com https://telemetry.threatdown.com | Used to communicate telemetry and threat information to our servers. More information on our telemetry can be found on our Privacy Policy. |
https://ark.mwbsys.com https://ark.threatdown.com | Used to deliver updates to products. |
https://blitz.mb-cosmos.com | Used to upload files for research and analysis. |
https://cdn.mwbsys.com https://cdn.threatdown.com | Used to deliver updates to products. |
https://keystone.mwbsys.com | Used to validate product licensing. |
https://keystone-akamai.mwbsys.com | Used to validate product licensing. |
https://meps.mwbsys.com | Used to validate the Ransomware Extinction Prevention system in OneView. |
https://repositories.mwbsys.com | Used to download the Linux installation packages. |
https://sirius.mwbsys.com https://sirius.threatdown.com | Used to check for updates for both the product version and the protection database. |
https://hubble.mb-cosmos.com | Used to validate threats against servers for better protection and reduce false positives. |
https://data-cdn.mbamupdates.com | Used to deliver updates to products. |
https://data-cdn-static.mbamupdates.com | Used to deliver updates to products. |
http://cosmos-shuriken-samples-mb-prod.s3.amazonaws.com/ | Used to process samples sent from the endpoint agent. |
https://nebula-agent-installers-mb-prod.s3.amazonaws.com | Used to download the endpoint agent installer and component package updates. |
https://nebula-diagnostics-mb-prod.s3.amazonaws.com | Used to provide diagnostic data from the endpoint agent to OneView. |
https://nebula-helix-syslog-mb-prod.s3.amazonaws.com | Used to provide syslog functionality between the endpoint and OneView. |
https://storage.gra.cloud.ovh.net | Used to upload suspicious files for sandbox analysis for Endpoint Detection and Response. |
https://*.cloudflare-gateway.com | Used for the DNS Filtering module. |
Notes:
- We do not allow packet inspection, as this interferes with the service protocols.
  - If your network performs packet inspection, an inspection bypass is required for the addresses above.
- We support proxy configuration, using built-in functions.
  - Pass-through proxy configuration is recommended.
  - Dynamic proxy configuration is not supported.
- To test the Endpoint Agent connection, see: Use the Endpoint Agent Command-line tool with OneView.
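As a supplementary check run from an endpoint's network segment, the following added example (not part of the vendor's tooling, and not a replacement for the Endpoint Agent Command-line tool) probes outbound port 443 for each listed host and reports the TLS certificate issuer, so a firewall block or a packet-inspection CA is visible per address. The function names and the short `REQUIRED` subset are assumptions for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

# A few rows copied from the Address column above; extend with the full list.
REQUIRED = [
    "https://oneview.threatdown.com",
    "https://socket.cloud.malwarebytes.com",
    "https://keystone.mwbsys.com",
    "https://*.cloudflare-gateway.com",
]

def split_targets(urls):
    """Return (probeable hostnames, wildcard patterns) from the address list."""
    hosts, wildcards = set(), set()
    for url in urls:
        host = urlsplit(url.strip()).hostname
        if not host:
            continue
        (wildcards if "*" in host else hosts).add(host)
    return sorted(hosts), sorted(wildcards)

def probe(host, port=443, timeout=5.0, connect=socket.create_connection):
    """Check outbound TCP 443, then complete a TLS handshake and report the issuer."""
    try:
        sock = connect((host, port), timeout=timeout)
    except OSError as exc:  # refused, timed out, or DNS failure
        return {"host": host, "status": "blocked", "detail": str(exc)}
    try:
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
    except (ssl.SSLError, OSError) as exc:
        sock.close()
        return {"host": host, "status": "tls-failed", "detail": str(exc)}
    # An issuer naming your proxy or firewall CA means the traffic is being inspected.
    return {"host": host, "status": "ok",
            "detail": issuer.get("organizationName", "unknown")}

if __name__ == "__main__":
    hosts, wildcards = split_targets(REQUIRED)
    for h in hosts:
        r = probe(h)
        print(f"{r['status']:<10} {h:<40} {r['detail']}")
    for w in wildcards:
        print(f"{'manual':<10} {w:<40} wildcard, verify in the firewall policy")
```

A `tls-failed` result on a host that connects over TCP usually points at an inspecting device presenting a certificate the endpoint does not trust; wildcard entries cannot be probed and must be checked in the firewall policy itself.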
Antivirus and Firewall Exclusions
If you use additional security software, we recommend adding specific software exclusions. These exclusions prevent your other software from conflicting with the Endpoint Agent. Conflicting security software may range from your network firewall to antivirus.
We recommend that you exclude the following folders and files in your antivirus, firewall, or other software. In addition to the items below, see our specific third-party antivirus software exclusions.
For more information on setting exclusions, see Create and edit exclusions in OneView.
For Windows Endpoints
%ProgramData%\Malwarebytes Endpoint Agent\
%ProgramData%\Malwarebytes\MBAMService\
%ProgramFiles%\Malwarebytes Endpoint Agent\
%ProgramFiles%\Malwarebytes Endpoint Agent\Plugins\Endpoint Protection\
%ProgramFiles%\Malwarebytes\Anti-malware\
%SystemRoot%\system32\drivers\ESProtectionDriver.sys
%SystemRoot%\system32\drivers\MBAMChameleon.sys
%SystemRoot%\system32\drivers\MBAMSwissArmy.sys
%SystemRoot%\system32\drivers\farflt.sys
%SystemRoot%\system32\drivers\flightrecorder.sys
%SystemRoot%\system32\drivers\mbae.sys (mbae64.sys on an x64 system)
%SystemRoot%\system32\drivers\mbam.sys
%SystemRoot%\system32\drivers\mwac.sys
For Mac Endpoints
/Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent
/Library/Application Support/Malwarebytes/Malwarebytes Endpoint Agent/UserAgent.app
/Library/LaunchDaemons/com.malwarebytes.EndpointAgent.plist