There may be situations where you need to temporarily stop the ThreatDown Endpoint Service on Windows endpoints for troubleshooting or testing. Stopping the service allows you to perform testing without uninstalling or removing the endpoint.
Note: If Tamper Protection is enabled, the endpoint's Tamper Protection password is required to stop the service.
Temporarily disable protection
- On the endpoint, locate the ThreatDown Endpoint Agent icon in the Windows system tray.
- Hold the Ctrl key and right-click the ThreatDown Endpoint Agent icon.
- Click Stop Malwarebytes Service.
- If prompted, enter the endpoint's Tamper Protection password.
- The password can be found in the console in the Configure > Policies page. After clicking on the endpoint's policy, go to the Tamper Protection tab and click the
show password button.
- The password can be found in the console in the Configure > Policies page. After clicking on the endpoint's policy, go to the Tamper Protection tab and click the
- Perform the required troubleshooting or testing.
If the tray icon is hidden on the endpoint, enable the Show the ThreatDown icon in the notification area policy setting to show it, or use EACmd.exe to run the -stopmbamservice command. For more information, see:
Restarting the Service
Once testing is complete:
- Hold the Ctrl key and right-click the ThreatDown Endpoint Agent icon again.
- Click Start Malwarebytes Service.
If the tray icon is still hidden, use EACmd.exe to run the -startmbamservice command.
The endpoint will resume normal protection once the service has been started.