The Malwarebytes Business Support Tool is used to remove Malwarebytes business products from endpoints. This includes files, settings, and license information. First, attempt to uninstall the endpoint agent by deleting it in Nebula.
If the endpoint agent remains on the device after deleting it from Nebula, consult with Malwarebytes Support before running this tool. To remove Malwarebytes software from a Windows endpoint, download the Support Tool, then run it from Command Prompt. In the Command Prompt, you can use switches to specify how you want to remove the Malwarebytes software. A list of switches and instructions on how to use them are in this article.
To run the support tool, download and initiate it from the Windows Command Prompt as an administrator.
1. Click here to download the support tool and save it to the desktop.
2. Open Command Prompt as an administrator.
3. In the command window, change the directory to the desktop with the following command.
cd %userprofile%\desktop
4. Remove the endpoint agent based on the Tamper Protection settings with the next command.
- If Tamper Protection is enabled:
mb-clean.exe /y /cleanup /noreboot /nopr /epatamperpw "ActualTamperProtectionPassword"
Note: Replace ActualTamperProtectionPassword with the Tamper Protection password of the endpoint and keep the quotation marks. Check the policy of the endpoint if you forgot the Tamper Protection password.
- If Tamper Protection is disabled:
mb-clean.exe /y /cleanup /noreboot /nopr /epatoken "NoTamperProtection"
5. Reboot the endpoint.
6. Open Command Prompt as an administrator and change the target directory to the desktop with the following command:
cd %userprofile%\desktop
7. Clean up additional files with the next command.
mb-clean.exe /y /cleanup /noreboot /nopr
8. Reboot the endpoint.
9. Verify the following directories are deleted. If not, remove them manually:
C:\Program Files\Malwarebytes Endpoint Agent
C:\ProgramData\Malwarebytes Endpoint Agent
C:\Program Files\Malwarebytes
C:\ProgramData\Malwarebytes
Note: Show hidden files and folders to locate the ProgramData folder. For more information, see View hidden files and folders in Windows.
Command line switches
Below is a list of switches you can use to execute the Malwarebytes Business Support Tool:
Command line switch | Description |
/y | Accepts the EULA. Required to run the tool. |
/cleanup | Performs a removal of all Malwarebytes software. Generates the mbst-clean-results.txt log file in one of the following locations: %localappdata%\temp (workstations), %systemroot%\temp (servers), or the same directory that mb-clean.exe was run from. If you cannot find the file, run the following command in Command Prompt to check the tmp and temp environment variables. |
/noreboot | Optional: Prevents unscheduled reboots after cleanup. Recommended for Servers. |
/nopr | Optional: Ensures there is no post reboot cleanup. The Post Reboot Cleanup execution is intended to run subsequent to a reboot. If the /nopr switch is used prior to reboot, re-running the tool before a reboot will trigger the post-reboot operation prematurely and attempt to remove files still in use, or locked by the operating system. |
/epatamperpw "ActualTamperProtectionPassword" | Required: Replace the password with your uninstall password and include the quotation marks. Locate the uninstall password in the Nebula policy settings. Use "NoTamperProtection" if Tamper Protection is disabled. If the incorrect password is supplied, the removal is canceled. |
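A post-removal check covering step 9 and the log locations listed for /cleanup, as an added example that is not part of the original article or of Malwarebytes' own tooling. It is written in PowerShell, which can be started from the same elevated Command Prompt; the function name Test-MalwarebytesRemoval, its ToolDirectory parameter and the output fields are hypothetical.

```powershell
# Added example: verifies the end state of the removal procedure in this article.
# Directory paths and the log file name come from the article; the function
# name, parameter and output fields are assumptions of this example.
function Test-MalwarebytesRemoval {
    [CmdletBinding()]
    param(
        # Directory mb-clean.exe was run from (the article uses the desktop).
        [string]$ToolDirectory = (Join-Path $env:USERPROFILE 'Desktop')
    )

    # Step 9: directories that must be gone after the final reboot.
    $directories = @(
        'C:\Program Files\Malwarebytes Endpoint Agent',
        'C:\ProgramData\Malwarebytes Endpoint Agent',
        'C:\Program Files\Malwarebytes',
        'C:\ProgramData\Malwarebytes'
    )
    $leftover = @($directories |
        Where-Object { Test-Path -LiteralPath $_ -PathType Container })

    # Log locations from the /cleanup row, plus the TEMP and TMP environment
    # variables the article says to check when the file cannot be found.
    $logDirs = @(
        (Join-Path $env:LOCALAPPDATA 'Temp'),
        (Join-Path $env:SystemRoot 'Temp'),
        $ToolDirectory, $env:TEMP, $env:TMP
    ) | Where-Object { $_ }

    $logs = @($logDirs |
        ForEach-Object { Join-Path $_ 'mbst-clean-results.txt' } |
        Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
        ForEach-Object { Get-Item -LiteralPath $_ -Force } |
        Sort-Object FullName -Unique |
        Sort-Object LastWriteTime -Descending)

    [pscustomobject]@{
        Removed             = ($leftover.Count -eq 0)
        LeftoverDirectories = $leftover
        # Newest log first.
        CleanupLogs         = @($logs | ForEach-Object { $_.FullName })
    }
}

# Run as a script from an elevated prompt; a non-zero exit code lets a
# deployment tool flag endpoints that still need manual directory removal.
$result = Test-MalwarebytesRemoval
$result | Format-List
if (-not $result.Removed) { exit 1 }
```

Run it after the reboot in step 8; any path listed under LeftoverDirectories is one that step 9 says to remove manually.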