The Tamper protection policy option in Nebula protects endpoints by limiting the end-user's ability to uninstall the endpoint agent. It also prevents malicious threats from stopping, modifying, or deleting the endpoint agent.
Tamper protection settings
To find and toggle these options in Nebula:
- Go to Configure > Policies.
- Select a policy.
- Select the Tamper protection tab.
For the default settings, see ThreatDown recommended policy for Nebula.
Options in this section are as follows:
-
Uninstall Protection: This feature is enabled by default and stops all endpoint users from uninstalling the endpoint agent software or stopping the service by requiring a separate tamper protection uninstall password. Users who attempt to uninstall the endpoint agent cannot proceed without this tamper protection uninstall password.
- Click the show password icon
to view the current uninstall password in case you forgot the tamper protection uninstall password.
Note: This button only displays after the default tamper protection uninstall password has been changed in the policy. - Click the copy icon
to copy the current tamper protection uninstall password when shown.
- Click Change password to modify the current tamper protection uninstall password.
CAUTION - If an endpoint is unable to communicate with Nebula and the uninstall password is changed, the previous password may be required to uninstall the software.
- Click the show password icon
-
Service and Process Protection (Windows only): Prevents malware from stopping, modifying, or deleting the following Windows services:
- Malwarebytes Endpoint Agent: Handles the communication between Nebula and the endpoint. Protected on Windows 10 Build 1703 and above.
- Malwarebytes Service: Protection component that blocks and removes threats. Protected on Windows 7 and above.
Notes
- Both features require Endpoint Protection or Endpoint Detection and Response.
- Both features do not support Windows XP endpoints.