Endpoint Security, Malwarebytes Remediation Connector Solution, How to Scan

These instructions explain how to use Malwarebytes Remediation Connector Solution (MRCS) to scan a Windows host. This tool was previously named Malwarebytes Remediation for CrowdStrike (MRfCS).

Before you begin, make sure that you have fulfilled the prerequisites for using MRCS. See Endpoint Security, Malwarebytes Remediation Connector Solution, Prerequisites.

This tool is for use only by IT professionals. Please take care to scan only hosts that are under your support.

Performing Scans

  1. Beginning from the host search view, search for the host(s) to scan, then click Load hosts.
  2. Click the checkbox next to each host to select it for scanning.
  3. Choose the appropriate Scan type and Scan options. See the Malwarebytes article "Scan endpoints with Malwarebytes Remediation Connector Solution" for a description of each option.
  4. (Optional) Provide an exclusions JSON file by browsing to it with the Browse file button.
  5. Click Scan to perform the scan.
  6. View scan progress for that host by clicking the link under the Status column.
Illustrated Steps to Scan

Suggested Scan Options

  • "Full system scan"
    • Scan type: Full
    • Remove
    • NoReboot
    • Anti-rootkit
    • AIScan
  • "Recon scan"
    • Scan type: Full
    • Anti-rootkit
    • AIScan

Security Best Practices

This tool is intended to be used to augment the detection and prevention capabilities provided by CrowdStrike. While useful to clean up after a detection or to search for unwanted programs, its use can impede active investigations. Do NOT use this in the middle of an active medium or high level incident, unless directed to do so by an incident responder.

Because scan results can provide evidence of an intrusion, there may be situations where you will be requested to send a copy of your scan results to Security. Please send a copy of the scan report to security@illinois.edu if any of the following applies:

  • Scan was initiated due to a Medium or higher severity detection or incident, and found at least one detection.
  • Scan results contain at least one detection and are concerning.

Scan reports can be found by navigating to Scan History > Open Report for the appropriate scan.





Keywords: mwb, mbbr, mrfcs, mrcs, scan, scanning, hosts, computer, computers, system, systems, virus, malware, anti-malware, antimalware, remove, removal, remediate, remediation, falcon
Doc ID: 111377
Owner: Security S.
Group: University of Illinois Technology Services
Created: 2021-06-07 14:27:33
Updated: 2023-11-13 17:16:21
Sites: University of Illinois Technology Services