Topics Map > Safety and Security > Malware Protection

Endpoint Security, Malwarebytes Remediation for CrowdStrike, How to Scan

These instructions indicate how to use MRfCS to scan a Windows host.

Before you begin, make sure that you have fulfilled the prerequisites for using MRfCS. See Endpoint Security, Malwarebytes Remediation for CrowdStrike, Prerequisites.

This tool is for use only be IT professionals. Please take care to scan only hosts that are under your support.

Performing Scans

  1. Beginning from the host search view, search for the host(s) to scan, then click Load hosts.
  2. Click the checkbox next to each host to select it for scanning.
  3. Choose the appropriate Scan type and Scan options. A description of each option can be found at https://support.malwarebytes.com/hc/en-us/articles/1500004106422-Scan-endpoints-with-Malwarebytes-Remediation-for-CrowdStrike.
  4. (Optional) Provide an exlusions JSON file by browsing to it with the Browse file button.
  5. Click Scan to perform the scan.
  6. View scan progress for that host by clicking the link under the Status column.
scan_steps.pngIllustrated Steps to Scan

 Suggested Scan Options

  • "Full system scan"
    • Scan type: Full
    • remove
    • noreboot
    • ark
    • useExpert
  • "Recon scan"
    • Scan type: Full
    • ark
    • useExpert

Security Best Practices

This tool is intended to be used to augment the detection and prevention capabilities provided by CrowdStrike. While useful to clean up after a detection or to search for unwanted programs, its use can impede active investigations. Do NOT use this in the middle of an active incident, unless directed to do so by an incident responder.

Because scan results can provide evidence of an intrusion, there may be situations where you will be requested to send a copy of your scan results to Security. Please send a copy of the scan report to security@illinois.edu if any of the following applies:

  • Scan was initiated due to a Medium or higher severity detection or incident, and found at least one detection.
  • Scan results contain at least one detection and are concerning.

Scan reports can be found by navigating to Scan History > Open Report for the appropriate scan.




Keywords:mwb, mbbr, mrfcs, scan, scanning, hosts, computer, computers, system, systems, virus, malware, anti-malware, antimalware, remove, removal, remediate, remediation, falcon   Doc ID:111377
Owner:Security S.Group:University of Illinois Technology Services
Created:2021-06-07 14:27 CDTUpdated:2021-06-08 11:55 CDT
Sites:University of Illinois Technology Services
Feedback:  0   0