March 31, 2026
Security Advisor Bug Fix
Bug Fix
Security Advisor now correctly displays issues and recommendations in order of severity.
Features and Improvements
No features this release.
Issues Fixed
NDEV-21650: Fixed an issue where Security Advisor issues and recommendations were not sorted by severity.
March 27, 2026
Active Response Shell for Linux
Feature
Added support for Active Response Shell on Linux endpoints. This provides administrators the ability to launch a remote session on Linux endpoints for investigating attacks, collecting forensic data, and remediating detections.
Features and Improvements
No additional features this release.
Issues Fixed
No fixes this release.
March 19, 2026
Security Advisor for education accounts
Improvement
Security Advisor is now enabled for Education (EDU) customers in Nebula. Security Advisor provides a clear, consolidated view of an account’s security posture through an overall security score, helping users quickly understand where attention is needed. It highlights key risk areas and delivers actionable recommendations, enabling Admins to prioritize and improve their organization’s overall protection more effectively.
Features and Improvements
No additional improvements this release.
Issues Fixed
No fixes this release.
March 17, 2026
ThreatDown Rebrand for iOS Endpoint Agent
Improvement
The iOS Endpoint Agent app has been updated with the new ThreatDown logo and branding, replacing the previous Malwarebytes logo.
Improvement
iOS MDM Deduplication Fields
The iOS Endpoint Agent and the Nebula Download Center supports additional Mobile Device Management (MDM) configuration fields (name, UUID, serial number, token) to improve endpoint deduplication for MDM-managed iOS and iPadOS devices. This reduces duplicate endpoint entries in the console.
Features and Improvements
Android ThreatDown Mobile Security
Serial number reporting from MDM configuration.
Support for moving Android endpoints between accounts.
Fix for Web Protection URL reporting during Safe Browsing.
Issues Fixed
No fixes this release.
March 12, 2026
Track Exclusion activity via Audit Log
Feature
We expanded our Audit Log capabilities to include full visibility into exclusion management. Users can now track every instance an exclusion is created, deleted, or edited, ensuring a complete compliance record for all exclusion-related changes.
Improvement
Embedded Audit History view
Navigating between historical records is now seamless. When viewing a specific audit trail entry, you can see a full history of all dates and times that record was updated. You can select any previous version from this view to see details instantly without leaving your current window.
Features and Improvements
No additional features this release.
Issues Fixed
No fixes this release.
March 10, 2026
Various Nebula bug fixes
Bug fixes
Resolved several bugs related to DNS Filtering, Patch Management, and the Endpoints page.
Features and Improvements
No features this release.
Issues Fixed
NDEV-21608: Fixed an issue where DNS Content categories failed to load when the Rule details page was refreshed.
NDEV-21628: Fixed an issue where the Show Ignored Patches toggle was incorrectly enabled by default on the Patch Management page.
NDEV-21651: Fixed an issue where the endpoint list failed to populate when opening a patch details page.
March 3, 2026
Ignore rules for Patch Management
Feature
Administrators can use Ignore Rules in Patch Management to exclude specific OS or third-party updates from deployment and reporting. This helps prevent untested or disruptive patches from reaching production, ensuring only approved updates are installed. It also allows for controlled testing before organization-wide rollout.
Features and Improvements
No additional features this release.
Issues Fixed
NDEV-21400: Fixed an issue where policy-specific Application Block rules could incorrectly appear as global after being disabled.
NDEV-21464: Fixed an issue where low-severity items in the Security Advisor were incorrectly displayed under Immediate Action Needed.
NDEV-21530: Fixed an issue where the endpoint restart display message in Security Advisor did not dynamically reflect the configured settings.