IBM BigFix was acquired by HCL Technologies, Ltd. and is now named HCL BigFix. Some of the screenshots in this article may display the previous company logo.
Introduction
Breach Remediation is a portable command-line product, designed to detect and remove malicious software from endpoints. Breach Remediation requires no installation on the endpoints; simply distribute the files to the endpoints and execute the program.
For more information, please see the Breach Remediation Windows Administrator Guide.
Features
Breach Remediation for HCL BigFix provides the following features:
- BigFix Fixlet to download and execute scans on managed endpoints
- BigFix Analysis to return scan results to the BigFix Server
- Custom Web Reports to display the results
Prerequisites
To use Breach Remediation for HCL BigFix, the following is required:
- HCL BigFix platform 9.x and later, including Web Reports
- Subscription to one of the following products:
- Incident Response
- Endpoint Protection
- Endpoint Detection and Response
- Your product license key
Installation
Follow these steps to import the Breach Remediation content into the BigFix platform.
Download the Breach Remediation for HCL BigFix zip file
- Download the Breach Remediation for HCL BigFix file here.
- Unzip the file malwarebytes_bigfix.zip. The files contained in the zip file are:
- mwb_fixlets.bes - Contains both the task and analysis.
- mwb_mbbr.beswrpt - Contains the custom web reports.
Create a custom BigFix site
It is a good practice and recommended to create a custom site to host the imported content. Future content can be imported later into this same custom site.
- Log in to BigFix.
- Create a custom site. Go to Tools > Create Custom Siteā¦
- Name the custom site Malwarebytes.
Import the Fixlet
- Double-click on the file mwb_fixlets.bes to import the Fixlet into BigFix.
- Ensure both the task and analysis are created in the new custom site.
- Both items are available from the BigFix Console.
Import custom Web Reports
- Log into Web Reports and select Report List > Import report
- Import the file mwb_mbbr.beswrpt as XML.
- After performing threat scans, the Web Reports screen displays the results.
Enter your license key in BigFix
- Login to Nebula.
- Go to Download Center > Advanced tools and locate the License key at the bottom.
- Open BigFix and navigate to your custom site, All Content > Sites > Malwarebytes.
- Click Fixlets and Tasks.
- On the Description tab, paste or enter your license key in the License Key field.
Copy the Breach Remediation task to adjust options
Breach Remediation provides many options and features. In order to fine-tune Breach Remediation for HCL BigFix for your environment, we suggest the following:
- Make a copy of the initial BigFix task.
- Use the copy to fine-tune how the task works:
- In the copied task, edit the BigFix action script.
- Customize the command line options for Breach Remediation.
- Refer to the Breach Remediation Windows Administrator Guide for details and more information.