Breach Remediation (MBBR) allows business users to detect and remove threats directly from endpoints. You can download the unmanaged client from your Nebula or OneView console. This article describes how to download and register Breach Remediation for Windows.
Use of Breach Remediation requires a subscription to one of the following:
- Incident Response
- Endpoint Protection
- Endpoint Detection and Response.
For Windows 7 and Windows Server 2008 R2, Windows security patches KB4474419 and KB4490628 must be installed to use MBBR. For more information, see Windows 2019-09 Security Update for Windows devices running business products.
Download and register Breach Remediation
1. Log in to Nebula or OneView.
2. On the left navigation menu, click Download Center.
3. Select the Advanced tools tab.
4. Scroll down to the Remediation (Unmanaged) section.
5. Under Windows Breach Remediation, click Download.
6. Extract the Breach_Remediation_4.x.x.x folder into the directory of your choice.
7. Navigate to the subfolder \Windows\Remediation to find the MBBR self-extracting executable.
8. Right-click the program and run as administrator to extract the program and its dependencies.
9. You now need to register Breach Remediation and update its malware definitions.
10. Get your product license key.
    - Nebula: Go to Download Center > Advanced tools and locate the License key at the bottom.
    - OneView: Go to Manage > Sites, click a site, and locate the license key in the top-right.
11. Manually copy the license key or click the Copy to Clipboard icon next to the license key.
12. Open an elevated Command Prompt.
13. Change the directory with the cd command to the location of the file from step 7.
14. Run the following command to register the product:
    mbbr register -key:YOURKEYHERE
15. Run the following command to retrieve the latest malware definitions:
    mbbr update
16. The program is now registered and updated. Copy the entire Remediation folder to your target machine and run one of the following commands to scan:
    - Threat scan: mbbr scan -remove
    - Threat scan with Rootkit detection: mbbr scan -ark -remove
    - Full Scan (all local drives): mbbr scan -full -remove
17. When the scan completes, the scan result logs are located in the subfolder \Windows\Remediation\ScanResults. The ScanResults.json file and ScanSummary.txt file will be overwritten the next time that Breach Remediation executes a scan.
Notes:
- Scans will automatically reboot the system as needed if the -remove switch is used.
- Add -noreboot after the -remove switch if you want to disable automatic restart. In this case, you must manually restart the device to complete the removal process.
For additional commands and switches, reference the Breach Remediation Windows Administrator Guide.
Breach Remediation definitions are valid for 48 hours, after which the product must be updated via step 15. The product remains registered for 14 days, after which it will require registration via step 14. This is to prevent unauthorized use. There is no additional cost to re-register the client.
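
The steps and notes above, combined into a PowerShell wrapper as an added example (not Malwarebytes code): it re-registers or updates only when the 14-day or 48-hour window has lapsed, scans with -noreboot, and copies the result files before the next scan overwrites them. The folder paths, the .stamp marker files, the mbbr.exe file name and the exit-code check are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not vendor code. Paths and stamp-file names are hypothetical.
param(
    [string]$MbbrDir    = 'C:\Tools\Remediation',   # hypothetical: extracted Remediation folder
    [string]$ArchiveDir = 'C:\Tools\MbbrArchive',   # hypothetical: where result copies are kept
    [string]$Key        = 'YOURKEYHERE'             # license key from Nebula or OneView
)
$ErrorActionPreference = 'Stop'
$mbbr = Join-Path $MbbrDir 'mbbr.exe'               # assumed executable name behind "mbbr"

# True when the stamp file is missing or older than the allowed age.
function Test-Stale([string]$Stamp, [TimeSpan]$MaxAge) {
    if (-not (Test-Path $Stamp)) { return $true }
    return ((Get-Date) - (Get-Item $Stamp).LastWriteTime) -gt $MaxAge
}

# Run mbbr, then touch a stamp file so the next run knows when this step last happened.
function Invoke-Stamped([string]$Stamp, [string[]]$MbbrArgs) {
    & $mbbr @MbbrArgs
    # Assumption: exit code 0 means the command succeeded.
    if ($LASTEXITCODE -eq 0) { Set-Content -Path $Stamp -Value (Get-Date -Format o) }
}

Push-Location $MbbrDir
try {
    # Registration lapses after 14 days, definitions after 48 hours (limits stated on this page).
    if (Test-Stale '.\registered.stamp' (New-TimeSpan -Days 14)) {
        Invoke-Stamped '.\registered.stamp' @('register', "-key:$Key")
    }
    if (Test-Stale '.\updated.stamp' (New-TimeSpan -Hours 48)) {
        Invoke-Stamped '.\updated.stamp' @('update')
    }

    # -noreboot keeps the host up so the results can be copied before any restart.
    & $mbbr scan -remove -noreboot

    # ScanResults.json and ScanSummary.txt are overwritten by the next scan, so keep a copy.
    $results = Join-Path $MbbrDir 'ScanResults'
    $dest = Join-Path $ArchiveDir ('{0}_{1:yyyyMMdd-HHmmss}' -f $env:COMPUTERNAME, (Get-Date))
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    Copy-Item -Path "$results\ScanResults.json", "$results\ScanSummary.txt" -Destination $dest
    Write-Host "Results archived to $dest. Restart manually to complete removal."
}
finally { Pop-Location }
```

The register and update steps run on the machine where the folder was prepared; on a target machine that received a freshly prepared copy, the stamp files travel with the folder and both checks are skipped.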