Body
Summary
This article discusses the Threatdown Nebula agent found on LSA managed Windows and Mac devices.
Note: Malwarebytes was rebranded as Threatdown in early 2024. The Nebula agent branding was changed to Threatdown on Mac devices in August 2024, but remains as Malwarebytes on Windows devices.
Environment
LSA managed Windows and Mac devices.
Directions
What is the Threatdown (Malwarebytes) Nebula agent?
The Threatdown (Malwarebytes) Nebula agent is a tool that can quickly detect and quarantine adware, viruses, malware, and other threats, and is installed on all managed Windows and Mac devices within LSA. The agent communicates back to the Nebula console, which provides central management, and enables LSA Technology Services support staff to run on-demand threat scans on devices when we are alerted to potential security threats through tools like Crowdstrike Falcon.
How do I use the Threatdown (Malwarebytes) Nebula agent?
LSA Technology Services will use the Threatdown (Malwarebytes) Nebula agent to run a threat scan on your device if they are notified of a potentially malicious file or application. Scans can be run on-demand remotely, quickly eliminating threats and saving device owners the hassle of a trip to Technology Services.
Device owners can also run threat scans on-demand by clicking on the Threatdown (Malwarebytes) logo in the system tray (Windows) or the top bar (Mac), then selecting Start Threat Scan:
A threat scan in progress.
Threats detected by Threatdown (Malwarebytes) will be automatically quarantined, with full details sent to the Nebula console. LSA Technology Services staff will review detections and delete or restore files as appropriate.
Notes
Questions? Contact LSA Security at lsa.security@umich.edu