How to Deploy Malwarebytes via Intune (Win32 App Packaging Guide)

Published 17 March 2026 · 7 min read

Malwarebytes for Teams (the business/endpoint version) can be deployed via Intune as a Win32 app. Unlike the consumer version, the business endpoint agent checks in to the Malwarebytes Nebula console for policy and reporting. This guide covers deploying the endpoint agent and connecting it to your Nebula account automatically on install.

Contents
  1. Prerequisites
  2. Download the endpoint agent
  3. Wrap with the Content Prep Tool
  4. Add the app in Intune
  5. Install and uninstall commands
  6. Detection rule
  7. Known gotchas

Prerequisites

⚠️ Business vs consumer version
This guide covers Malwarebytes for Teams (the business product), not Malwarebytes Premium (the consumer product). The consumer version cannot be centrally managed and is not suitable for business deployment.

Download the endpoint agent

Log in to the Nebula console at cloud.malwarebytes.com, go to Settings → Downloads, and download the Windows Endpoint Agent. The filename will be something like MBSetup.exe.

Wrap with the Content Prep Tool

IntuneWinAppUtil.exe -c "C:\AppSource\Malwarebytes" -s "MBSetup.exe" -o "C:\IntunePackages"
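
Everything in the source folder is wrapped and later run under the System install behaviour, so it is worth confirming the downloaded installer is signed and unmodified before packaging it. The script below is an added example, not part of the original guide or of Malwarebytes' tooling; the folder and file names come from the wrap command above, while the expected signer substring and the record file name are assumptions to adjust.

```powershell
# Added example: verify MBSetup.exe before running IntuneWinAppUtil.exe.
# Paths come from the wrap command above. $ExpectedSigner and the record
# file name are assumptions; compare the signer with the certificate you see.
param(
    [string]$SourceDir      = 'C:\AppSource\Malwarebytes',
    [string]$SetupFile      = 'MBSetup.exe',
    [string]$OutputDir      = 'C:\IntunePackages',
    [string]$ExpectedSigner = 'Malwarebytes'
)

$installer = Join-Path -Path $SourceDir -ChildPath $SetupFile
if (-not (Test-Path -LiteralPath $installer -PathType Leaf)) {
    Write-Error "Installer not found: $installer"
    exit 1
}

# 'Valid' means the file is unmodified since signing and the chain is trusted.
$sig = Get-AuthenticodeSignature -FilePath $installer
if ($sig.Status -ne 'Valid') {
    Write-Error "Signature status '$($sig.Status)': $($sig.StatusMessage)"
    exit 1
}

$subject = $sig.SignerCertificate.Subject
if ($subject -notlike "*$ExpectedSigner*") {
    Write-Error "Unexpected signer: $subject"
    exit 1
}

# Anything else in the source folder is packaged too, so list unexpected files.
$extra = Get-ChildItem -LiteralPath $SourceDir -Recurse -File |
    Where-Object { $_.FullName -ne $installer }
if ($extra) {
    Write-Warning "Extra files will be wrapped: $($extra.Name -join ', ')"
}

# Keep a record outside the source folder so it is not wrapped into the package.
$record = [pscustomobject]@{
    File        = $SetupFile
    SHA256      = (Get-FileHash -LiteralPath $installer -Algorithm SHA256).Hash
    Signer      = $subject
    Thumbprint  = $sig.SignerCertificate.Thumbprint
    FileVersion = (Get-Item -LiteralPath $installer).VersionInfo.FileVersion
    CheckedUtc  = (Get-Date).ToUniversalTime().ToString('o')
}
New-Item -ItemType Directory -Path $OutputDir -Force | Out-Null
$record | ConvertTo-Json | Set-Content -Path (Join-Path $OutputDir 'MBSetup.provenance.json')
$record
```

Run it before the wrap command and only package the installer if the script exits with code 0.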

Add the app in Intune

Intune Admin Centre → Apps → Windows → + Add → Windows app (Win32)
  1. Upload the .intunewin file
  2. Name: Malwarebytes Endpoint Agent
  3. Publisher: Malwarebytes Inc.

Install and uninstall commands

The install command links the agent to your Nebula account automatically. Replace YOUR_ACCOUNT_ID and YOUR_GROUP_ID with the values from your Nebula console.

⚙️ Program settings

Install command (links the agent to your Nebula console automatically):
MBSetup.exe /verysilent /sp- /suppressmsgboxes ACCOUNT=YOUR_ACCOUNT_ID GROUP=YOUR_GROUP_ID

Uninstall command:
MBSetup.exe /verysilent /uninstall /sp- /suppressmsgboxes

Install behaviour: System
Device restart behaviour: No specific action

💡 Get your Account and Group IDs from Nebula
In the Nebula console go to Settings → Downloads. The Account ID and Group ID are shown next to the installer download. The Group ID determines which policy group the device joins on enrolment.

Detection rule

🔍 File detection rule

Rule type: File
Path: C:\Program Files\Malwarebytes\Anti-Malware
File or folder name: mbam.exe
Detection method: File or folder exists

You can also check the Malwarebytes service is registered:

# Detect Malwarebytes endpoint agent
$service = Get-Service -Name "MBAMService" -ErrorAction SilentlyContinue
if ($service) {
    Write-Output "Detected: MBAMService status $($service.Status)"
    exit 0
} else {
    exit 1
}

💡 Test your detection rule first
Before deploying to users, install the app manually on a test device and verify the detection rule matches. Run the detection script or check the file path exists before assigning to a group.
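
The file rule and the service check above each cover only half of the install: a leftover mbam.exe with no service, or a registered but disabled service, would still count as detected. The script below is an added example, not part of the original guide; it combines both checks using the path and service name given in this guide and follows Intune's rule that an app is detected only when the script exits 0 and writes to STDOUT.

```powershell
# Added example: custom detection script requiring BOTH the file and the service.
# Path and service name are the ones used elsewhere in this guide.
$exePath     = 'C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe'
$serviceName = 'MBAMService'

$problems = @()

# File check: the main executable must exist as a file, not a folder.
if (Test-Path -LiteralPath $exePath -PathType Leaf) {
    $version = (Get-Item -LiteralPath $exePath).VersionInfo.FileVersion
} else {
    $problems += "missing $exePath"
}

# Service check: registered and not disabled. The current status is reported
# but not required, so a stopped service does not trigger a reinstall.
$service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
if (-not $service) {
    $problems += "service $serviceName is not registered"
} elseif ($service.StartType -eq 'Disabled') {
    $problems += "service $serviceName is disabled"
}

if ($problems.Count -gt 0) {
    # Warnings help when testing by hand; the non-zero exit code is what
    # makes Intune treat the app as not detected.
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}

# Exit code 0 plus a line on STDOUT marks the app as detected.
Write-Output "Detected: mbam.exe $version, $serviceName status $($service.Status)"
exit 0
```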

Known gotchas

Devices not appearing in the Nebula console after install

If the device installs successfully but does not appear in Nebula, check the Account ID and Group ID values in the install command. A wrong Account ID means the agent cannot register. Check the Malwarebytes service is running on the device with Get-Service MBAMService.

Conflict with Windows Defender

Malwarebytes Endpoint Protection can be configured to run alongside Windows Defender rather than replace it. The default behaviour depends on your Nebula policy. Check your Nebula policy settings to confirm whether Malwarebytes is set to co-exist with Defender or take over real-time protection.

Malwarebytes flagging legitimate software during deployment

If Malwarebytes is deployed to a device that already has apps installed, it may flag some installers or tools as potentially unwanted programs. This is more common with cracked tools or grey-area software. If you get false positive alerts in Nebula during rollout, check the policy exclusions and add trusted paths where needed.

Installer type: EXE (/verysilent)
Nebula registration: Via ACCOUNT= and GROUP= flags
Detection method: File or service check
Conflicts with Defender: Configurable in Nebula policy
Reboot required: No

Frequently Asked Questions

Q: How do I deploy Malwarebytes via Intune and connect it to Nebula?

Use the install command: MBSetup.exe /verysilent /sp- /suppressmsgboxes ACCOUNT=YOUR_ACCOUNT_ID GROUP=YOUR_GROUP_ID. Get your IDs from the Nebula console under Settings > Downloads.

Q: Where do I find my Malwarebytes Nebula Account ID?

Log in to cloud.malwarebytes.com, go to Settings > Downloads. The Account ID and Group ID are shown next to the Windows Endpoint Agent installer download.

Q: Why is my device not appearing in the Malwarebytes Nebula console after Intune deployment?

Check the Account ID and Group ID in your install command are correct. Also verify the MBAMService is running on the device using Get-Service MBAMService in PowerShell.

Q: Does Malwarebytes conflict with Windows Defender?

Malwarebytes can be configured to co-exist with Defender or replace it for real-time protection. The default behaviour is controlled by your Nebula policy settings.
