Endpoint Security, Malwarebytes Remediation for CrowdStrike, How to Scan

These instructions explain how to use MRfCS to scan a Windows host.

Before you begin, make sure that you have fulfilled the prerequisites for using MRfCS. See Endpoint Security, Malwarebytes Remediation for CrowdStrike, Prerequisites.

This tool is for use only by IT professionals. Please take care to scan only hosts that are under your support.

Performing Scans

  1. Beginning from the host search view, search for the host(s) to scan, then click Load hosts.
  2. Click the checkbox next to each host to select it for scanning.
  3. Choose the appropriate Scan type and Scan options. A description of each option can be found at https://support.malwarebytes.com/hc/en-us/articles/1500004106422-Scan-endpoints-with-Malwarebytes-Remediation-for-CrowdStrike.
  4. (Optional) Provide an exclusions JSON file by browsing to it with the Browse file button.
  5. Click Scan to perform the scan.
  6. View scan progress for that host by clicking the link under the Status column.
[Figure: Illustrated Steps to Scan]

Suggested Scan Options

Security Best Practices

This tool is intended to augment the detection and prevention capabilities provided by CrowdStrike. While useful to clean up after a detection or to search for unwanted programs, its use can impede active investigations. Do NOT use this in the middle of an active medium- or high-level incident unless directed to do so by an incident responder.

Because scan results can provide evidence of an intrusion, there may be situations where you will be requested to send a copy of your scan results to Security. Please send a copy of the scan report to security@illinois.edu if any of the following applies:

Scan reports can be found by navigating to Scan History > Open Report for the appropriate scan.