When creating a base image with the endpoint agent installation, the agent should be prevented from connecting to the internet before the image is generalized by Sysprep. This may be easier to accomplish if the Malwarebytes installation is saved for the last step when configuring an image.
If the endpoint agent is allowed to reach the internet and check in to our servers, a unique software ID will be assigned to the endpoint agent machine. As a result, every other machine spun up from this image will appear as a duplicate entry carrying the original ID that was accidentally assigned to your base image's Nebula installation.
There are two parts to the process: create the installer, and install Nebula on your base image.
Create the installer
Before you create the image, you need to download the MSI installer package. For MSI installer requirements, see the System requirements for Nebula.
- To create the installer, follow steps 1–4 in this article: Add Windows endpoints in Nebula.
- After downloading and exporting the package in step 5, return to this article and follow the install steps below.
Install the endpoint agent on your base image
- Copy the installer to your base image environment.
- Disconnect your base image environment from the network.
- Run the endpoint agent installer.
  - If you need to add proxy information, you may do so during installation. See Change proxy settings for Endpoint Agent.
  - If you prefer to script environment setup tasks, proxy information can be set with switches when using the MSI-based installer.
- If you require a network connection to complete other tasks before Sysprep, stop the agent service to avoid automatic ID assignment:
  - Open services.msc.
  - Right-click on the Malwarebytes Endpoint Agent service and select Stop.
  - It is now safe to re-enable network connectivity for the base image machine.
- When installation is complete and the agent is on the base image machine, you may safely perform Sysprep generalization and subsequent image capture.
- When ready to deploy your new base image, be sure to test it on 2 or 3 machines first to ensure the endpoint agent does not encounter any issues.
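The service-stop step above can be scripted as a gate that runs before the network is re-enabled or Sysprep is started. This is an added example, not Malwarebytes' own tooling; it assumes the service display name matches the one shown in services.msc in the steps above, and the 60-second timeout is an arbitrary choice.

```powershell
# Added example (not vendor code): run on the base image in an elevated session
# before re-enabling the network or starting Sysprep.
$AgentDisplayName = 'Malwarebytes Endpoint Agent'  # display name from the services.msc step
$StopTimeout      = [TimeSpan]::FromSeconds(60)    # assumed wait; adjust as needed

$svc = Get-Service -DisplayName $AgentDisplayName -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Error "Service '$AgentDisplayName' not found. Is the agent installed?"
    exit 2
}

# If the agent is running while any adapter is up, it may already have
# checked in and been assigned an ID. Surface that before going further.
$upAdapters = @(Get-NetAdapter | Where-Object Status -eq 'Up')
if ($upAdapters.Count -gt 0 -and $svc.Status -ne 'Stopped') {
    Write-Warning ("Agent is {0} while adapters are up: {1}. It may already have an ID assigned." -f `
        $svc.Status, ($upAdapters.Name -join ', '))
}

# Stop the agent and wait until the service control manager confirms it.
if ($svc.Status -ne 'Stopped') {
    Stop-Service -InputObject $svc -Force
    try {
        $svc.WaitForStatus('Stopped', $StopTimeout)
    } catch [System.ServiceProcess.TimeoutException] {
        Write-Error "Agent did not stop within $($StopTimeout.TotalSeconds) seconds."
        exit 1
    }
}

# Re-read the state and emit a record for the build log.
# StartType is informational: an Automatic service starts again at next boot.
$svc.Refresh()
[pscustomobject]@{
    Service    = $svc.DisplayName
    Status     = $svc.Status
    StartType  = $svc.StartType
    AdaptersUp = $upAdapters.Name -join ', '
    CheckedAt  = Get-Date -Format o
}

# Non-zero exit lets an image build pipeline halt before reconnecting.
if ($svc.Status -ne 'Stopped') { exit 1 }
```

An exit code of 0 means the service is confirmed stopped; 1 means it could not be stopped, and 2 means the agent service was not found on the machine.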
Once the image is deployed and the endpoint user logs into Windows, the Endpoint Protection agent:
- Performs a check-in.
- Receives an ID assignment.
- Downloads and installs real-time protection and scanning engine items, configured according to Nebula's Group and Policy settings.