Endpoint Security, Malwarebytes Remediation for CrowdStrike, How to Scan
These instructions describe how to use MRfCS to scan a Windows host.
Before you begin, make sure that you have fulfilled the prerequisites for using MRfCS. See Endpoint Security, Malwarebytes Remediation for CrowdStrike, Prerequisites.
This tool is for use only by IT professionals. Please take care to scan only hosts that are under your support.
- Beginning from the host search view, search for the host(s) to scan, then click Load hosts.
- Click the checkbox next to each host to select it for scanning.
- Choose the appropriate Scan type and Scan options. Please see Malwarebytes' article "Scan endpoints with Malwarebytes Remediation for CrowdStrike" for a description of each option.
- (Optional) Provide an exclusions JSON file by browsing to it with the Browse file button.
- Click Scan to perform the scan.
- View scan progress for that host by clicking the link under the Status column.
Suggested Scan Options
- "Full system scan"
  - Scan type: Full
- "Recon scan"
  - Scan type: Full
Security Best Practices
This tool is intended to be used to augment the detection and prevention capabilities provided by CrowdStrike. While useful to clean up after a detection or to search for unwanted programs, its use can impede active investigations. Do NOT use this in the middle of an active medium or high level incident, unless directed to do so by an incident responder.
Because scan results can provide evidence of an intrusion, there may be situations where you will be requested to send a copy of your scan results to Security. Please send a copy of the scan report to email@example.com if any of the following applies:
- Scan was initiated due to a Medium or higher severity detection or incident, and found at least one detection.
- Scan results contain at least one detection and are concerning.
Scan reports can be found by navigating to Scan History > Open Report for the appropriate scan.