Breach Remediation with Microsoft SCCM integration allows SCCM administrators to deploy Breach Remediation to endpoints, scan for and remove threats, and send reports back to an Active Directory server. This user guide describes how to:
- Deploy Breach Remediation to your Windows endpoints.
- Initiate a scan on your Windows endpoints.
- Run the MBBR Scan Reports script to collect logs to your network-shared folder.
To install and configure Breach Remediation with Microsoft SCCM, refer to Install and configure Breach Remediation for Microsoft SCCM.
Run the Deploy MBBR script in SCCM
- In your SCCM console, go to Assets and Compliance > Devices or Device Collections > right-click on a device or collection of devices > click Run Script in the context menu.
- In the Run Script window, select the Deploy MBBR script from the list of available scripts.
- Click Next > Next, then click Close once the Script Status Monitoring completes.
- To confirm Breach Remediation deployment on the target endpoint, check that the source files appear as expected on that device.
Run the Execute MBBR script to scan and quarantine threats
- In your SCCM console, go to Assets and Compliance > Devices or Device Collections > right-click on a device or collection of devices > click Run Script in the context menu.
- On the Run Script window, select the Execute MBBR script from the list of available scripts. Click Next.
- On the Script Parameters window, in the FilePath field, enter the path where the source files were deployed on the clients, followed by: mbbr_<scan action>_<type of scan>.bat
  - Scan action: scan or quarantine
  - Type of scan: hyper, threat, or full
- Click Next > Next > Next, then click Close once the Script Status Monitoring completes.
- To confirm the scan completed, check the target endpoint for the ScanSummary Notepad file, which displays the results.
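The FilePath value described above decides which batch file runs on every targeted endpoint, so it is worth building and checking it before pasting it into the Script Parameters window. The following PowerShell helper is an added example, not part of the Malwarebytes scripts; the function names and the C:\MBBR deployment folder are assumptions, so substitute the folder your Deploy MBBR script writes to.

```powershell
# Added example (not Malwarebytes code). Function names and sample paths are hypothetical.

function Get-MbbrFilePath {
    # Builds <deployment folder>\mbbr_<scan action>_<type of scan>.bat from the allowed values.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$DeployRoot,
        [Parameter(Mandatory)][ValidateSet('scan', 'quarantine')][string]$ScanAction,
        [Parameter(Mandatory)][ValidateSet('hyper', 'threat', 'full')][string]$ScanType
    )
    Join-Path -Path $DeployRoot -ChildPath ('mbbr_{0}_{1}.bat' -f $ScanAction, $ScanType)
}

function Test-MbbrFilePath {
    # Returns $true only if FilePath is one of the six expected batch files
    # located directly in the deployment folder.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [Parameter(Mandatory)][string]$DeployRoot
    )
    try {
        # GetFullPath collapses ".." segments, so a traversal cannot leave the folder unnoticed.
        $full = [System.IO.Path]::GetFullPath($FilePath)
        $root = [System.IO.Path]::GetFullPath($DeployRoot)
    }
    catch {
        return $false   # malformed path
    }
    $dir  = [System.IO.Path]::GetDirectoryName($full)
    $leaf = [System.IO.Path]::GetFileName($full)
    if (-not $dir) { return $false }

    # -eq and -match are case-insensitive, matching Windows file-name semantics.
    $sameFolder = $dir.TrimEnd('\') -eq $root.TrimEnd('\')
    $knownBatch = $leaf -match '^mbbr_(scan|quarantine)_(hyper|threat|full)\.bat$'
    return ($sameFolder -and $knownBatch)
}

# Constructed sample values
$root = 'C:\MBBR'
$path = Get-MbbrFilePath -DeployRoot $root -ScanAction quarantine -ScanType threat
Test-MbbrFilePath -FilePath $path -DeployRoot $root

# A path that resolves outside the deployment folder
Test-MbbrFilePath -FilePath 'C:\MBBR\..\Temp\mbbr_scan_full.bat' -DeployRoot $root

# An unexpected file name inside the deployment folder
Test-MbbrFilePath -FilePath 'C:\MBBR\cleanup.bat' -DeployRoot $root
```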
Run the MBBR Scan Reports script to gather logs
The SCCM administrator can also collect scan logs to a preferred network-shared folder. The MBBR Scan Reports script is required to collect this data.
- In your SCCM console, go to Assets and Compliance > Devices or Device Collections > right-click on a device or collection of devices > click Run Script in the context menu.
- On the Run Script window, select the MBBR Scan Reports script from the list of available scripts.
- Click Next > Next > Next, then click Close once the Script Status Monitoring completes.
- After the script execution completes, go to your network-shared folder path to view the logs. Each log file's name shows the target client name and the timestamp, as shown in the following screenshot.
- Open the Notepad file to view the full report details.