CW Automate – Excluding Servers From Malwarebytes

While we use the Malwarebytes plugin bundled with Automate, one of the annoyances we have with the solution is that there isn’t an option to exclude servers from deployment.

For anyone unfamiliar with the setup, the plugin presents an auto-deployment option. This will deploy Malwarebytes to all machines at the client, unless the machine is specifically marked as excluded.

The issue with that approach is that newly installed servers won’t have the exclusion checked, so Malwarebytes will install on them.

There are a few ways to approach this:

The first approach we looked into was setting the configuration option via the script that runs when a new agent is installed. However, the exclusion checkbox isn’t a traditional EDF in that it’s stored in a plugin_ table and not in the extrafielddata table, so this would just be a SQL execution in that script.

I didn’t really like that idea, so I wrote the following to update all servers at once:

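-- Create or update the plugin's per-computer settings row for every Windows server
INSERT INTO plugin_malwarebytes_computer_settings(computerid,policyGUID,excludeMBAM,excludeMBAE,excludeMBARW)
SELECT computers.computerid, NULL, 1, 1, 1
FROM computers
-- The WHERE filter on inv_operatingsystem.server means only computers with an inventory row are kept
LEFT JOIN inv_operatingsystem ON computers.computerid = inv_operatingsystem.computerid
WHERE inv_operatingsystem.server = 1 AND computers.os LIKE '%Windows%'
-- If a settings row already exists, only the three exclusion flags are changed
ON DUPLICATE KEY UPDATE excludeMBAM = 1, excludeMBAE = 1, excludeMBARW = 1;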

This pulls every Windows server from the computers table. For each of those, it inserts or updates a row in the table the Malwarebytes plugin uses to store computer settings and sets all three flags to exclude.

Run that query manually once to exclude all current servers. To exclude future servers, run it as a scheduled client script every 5 minutes.
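
To see which servers the statement above would still touch, or to confirm the scheduled run is keeping up, a read-only check like the following can be run first. This is an added example, not part of the original post; it uses only the tables and columns that appear in the query above and assumes computerid is the unique key in the plugin table, as the ON DUPLICATE KEY clause implies.

```sql
-- Added example: read-only audit, changes nothing.
-- Lists Windows servers that are not fully excluded from Malwarebytes deployment.
SELECT c.computerid,
       c.os,
       CASE
           WHEN s.computerid IS NULL THEN 'no settings row yet'
           ELSE 'settings row present, exclusion incomplete'
       END AS exclusion_state,
       s.policyGUID,
       s.excludeMBAM,
       s.excludeMBAE,
       s.excludeMBARW
FROM computers AS c
-- Same server test as the update query: inventory row flagged as a server
JOIN inv_operatingsystem AS o
  ON o.computerid = c.computerid
-- LEFT JOIN so servers with no plugin settings row still appear
LEFT JOIN plugin_malwarebytes_computer_settings AS s
  ON s.computerid = c.computerid
WHERE o.server = 1
  AND c.os LIKE '%Windows%'
  AND (s.computerid IS NULL
       OR COALESCE(s.excludeMBAM, 0)  <> 1
       OR COALESCE(s.excludeMBAE, 0)  <> 1
       OR COALESCE(s.excludeMBARW, 0) <> 1)
ORDER BY c.computerid;
```

An empty result means every Windows server already has all three exclusion flags set. Any rows returned are the machines auto-deployment could still reach until the next scheduled run.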
