For communication to flow between the Nebula console and endpoints, you must adjust your firewall. This article lists internal network recommendations and our external access requirements.
File and Printer Sharing
We recommend using Administrator shared folders to perform network tasks, such as installations. To use them, you must enable File and Printer Sharing on your endpoints.
The location of File and Printer Sharing options depends on which operating system your endpoint uses. Consult your operating system guide for additional information.
External Access Requirements
Allow the following addresses through your firewall or other security software. Endpoint Agents use the sites below to reach Nebula services.
You must allow or exclude all addresses on port 443, outbound.
Address | Purpose | Date Added |
https://api.threatdown.com | Used to communicate with our Public APIs. | 9/12/2024 |
https://ars.cloud.threatdown.com | Used to allow access for Active Response Shell. | 9/12/2024 |
https://arsws.cloud.threatdown.com | Used to allow websocket connection for Active Response Shell. | 9/12/2024 |
https://telemetry.threatdown.com | Used to communicate telemetry and threat information to our servers. More information on our telemetry can be found on our Privacy Policy. | 9/12/2024 |
https://cdn.threatdown.com | Used to deliver updates to products. | 9/12/2024 |
https://cloud.threatdown.com | Used to access the Nebula admin console. | 9/9/2024 |
https://ark.threatdown.com | Used to deliver updates to products. | 8/29/2024 |
https://sirius.threatdown.com | Used to check for updates for both the product version and the protection database. | 8/29/2024 |
https://*.cloudflare-gateway.com | Used for the DNS Filtering module. | 2023 |
https://cosmos-shuriken-samples-mb-prod.s3.amazonaws.com/ | Used to process samples sent from the endpoint agent. | 2023 |
https://ars.cloud.malwarebytes.com | Used to allow access for Active Response Shell. | 2022 |
https://arsws.cloud.malwarebytes.com | Used to allow websocket connection for Active Response Shell. | 2022 |
https://api.malwarebytes.com | Used to communicate with our Public APIs. | 2021 |
https://storage.gra.cloud.ovh.net | Used to upload suspicious files for sandbox analysis for Endpoint Detection and Response. | 2021 |
https://cloud.malwarebytes.com | Used to access the Nebula admin console. | 2019 |
https://socket.cloud.malwarebytes.com | Used to provide real-time communication between the endpoint agent and Nebula. | 2019 |
https://detect-remediate.cloud.malwarebytes.com | Used to provide Endpoint Detection and Response capabilities. | 2019 |
https://downloads.malwarebytes.com | Used to download packages and unmanaged remediation utilities. | 2019 |
https://links.malwarebytes.com | Used to access product documentation through Nebula. | 2019 |
https://telemetry.malwarebytes.com |
Used to communicate telemetry and threat information to our servers. More information on our telemetry can be found on our Privacy Policy. | 2019 |
https://ark.mwbsys.com | Used to deliver updates to products. | 2019 |
https://blitz.mb-cosmos.com | Used to upload files for research and analysis. | 2019 |
https://cdn.mwbsys.com | Used to deliver updates to products. | 2019 |
https://keystone.mwbsys.com | Used to validate product licensing. | 2019 |
https://keystone-akamai.mwbsys.com | Used to validate product licensing. | 2019 |
https://meps.mwbsys.com | Used to validate the Ransomware Extinction Prevention system in Nebula. | 2019 |
https://repositories.mwbsys.com | Used to download the Linux installation packages. | 2019 |
https://sirius.mwbsys.com | Used to check for updates for both the product version and the protection database. | 2019 |
https://hubble.mb-cosmos.com | Used to validate threats against our servers for better protection and reduce false positives. | 2019 |
https://data-cdn.mbamupdates.com | Used to deliver updates to products. | 2019 |
https://data-cdn-static.mbamupdates.com | Used to deliver updates to products. | 2019 |
https://nebula-agent-installers-mb-prod.s3.amazonaws.com | Used to download the endpoint agent installer and component package updates. | 2019 |
https://nebula-diagnostics-mb-prod.s3.amazonaws.com | Used to provide diagnostic data from the endpoint agent to Nebula. | 2019 |
https://nebula-helix-syslog-mb-prod.s3.amazonaws.com | Used to provide syslog functionality between the endpoint and Nebula. | 2019 |
Notes:
- The endpoint agent does not allow packet-inspection, as this interferes with the service protocols.
- Bypass inspection is required to bypass packet-inspection on the endpoint agent.
- Proxy configurations are supported using built-in functions.
- Pass-through proxy configuration is recommended.
- Dynamic proxy configuration is not supported.
- To test the Endpoint Agent connection, see: Use the Endpoint Agent Command-line tool with Nebula.
Exclude Nebula from other applications
We recommend adding specific software exclusions if you use additional security software with Nebula. For more information, see Exclusions for using Nebula with other security applications.