Breach Remediation

Provides advanced threat detection and remediation for your endpoints via an extensible platform.


Stop re-imaging, start hunting

According to Gartner and Ponemon Institute research, malicious threats remain undetected on business endpoints for 205 to 229 days on average*. Can your enterprise business wait that long? Our next-gen technology scans for and remediates malware, reducing dwell time and the need for endpoint re-imaging.

Malwarebytes Breach Remediation is engineered to integrate seamlessly into existing security stacks. If your endpoints require comprehensive advanced threat protection, we recommend Malwarebytes Endpoint Security.


Hunts for malware

Discovers new and undetected malware and rapidly remediates it. Uses Malwarebytes behavioral rules and heuristics to detect zero-day malware. Accesses indicators of compromise (IOCs) from third-party breach detection tools and repositories for comprehensive detection.

Remediates malware thoroughly

Removes all traces of infections and related artifacts, not just the primary payload or infector. Eliminates risk of new attacks or lateral movements that capitalize on leftover malware traces. Malwarebytes is the de facto industry leader in malware remediation—trusted by millions and proven by

Reduces downtime drastically

Enables you to direct efforts toward more important projects, versus spending countless hours resolving malware-related incidents and re-imaging hardware across your enterprise.

Reduces threat dwell time

Detects advanced threats that your other security layers have missed, closing the window between discovery and remediation. Reduces exposure to malicious activity.

Records threat events for later analysis

Tracks forensic analytics using the proprietary Forensic Timeliner feature so your team can address security gaps or unsafe user behavior. Gathers system events prior to and during an infection and presents data in a timeline for comprehensive analysis of vector and attack chain. Events covered include file and registry modifications, file execution, and websites visited.

Works within your stack

Integrates easily with existing security infrastructure such as SIEM (e.g., Splunk, ArcSight, IBM QRadar), breach detection systems (e.g., Cisco, Palo Alto Networks, FireEye), and endpoint management platforms (e.g., Tanium, ForeScout, Microsoft SCCM). Enables you to trigger deployment and remediation through your endpoint management platform based on alerts received from your SIEM and automatically feed resolution details back into your SIEM.

Closes Apple security gap

Removes malware and adware quickly from Mac endpoints. Cleans up OS X systems in less than a minute from start to finish. Separate GUI and command line programs enable flexible deployment using popular Mac management solutions (e.g., Apple Remote Desktop, Casper Suite, Munki). Allows remote, automated operation using shell or AppleScript commands. System administrators and incident responders can collect system information using the convenient Snapshot command.

* Sources: Gartner Security & Risk Management Summit Presentation, Defending Endpoints From Persistent Attack, Peter Firstbrook, 8-11 June 2015

Ponemon Institute, 2016 Cost of Data Breach Study, June 2016

Complete malware removal

Breach Remediation in action (Mac version)

Robust, remote, rapid


  • Advanced malware remediation with anti-rootkit scanning [ PC ] [ Mac ]
  • Intelligent proprietary scanning engine [ PC ] [ Mac ]
  • Automated remote malware discovery and remediation [ PC ] [ Mac ]
  • Behavioral forensic analytics [ PC ]
  • Command-line interface [ PC ] [ Mac ]
  • Graphical user interface [ Mac ]
  • Custom OpenIOC threat indicators (XML format) [ PC ]
  • Four system scan types (Full, Threat, Hyper, Path) [ PC ]
  • Optional scan-and-remediate or scan-only modes [ PC ] [ Mac ]
  • Quarantine management of detected threats [ PC ] [ Mac ]
  • Event logging to central location (CEF format) [ PC ]
  • No lasting footprint on endpoint [ PC ] [ Mac ]
  • Extensible platform supports flexible deployment options [ PC ] [ Mac ]

Nuts 'n Bolts

Tech specs

These are the minimum requirements for a computer on which Malwarebytes Breach Remediation is deployed. Please note that these requirements do not include other functionality that the computer is responsible for.

Included Components

  • Windows CLI program
  • Windows Forensic Timeliner program
  • Mac GUI program
  • Mac CLI program

Languages Available

Operating Systems

  • Windows 10® (32-bit, 64-bit)
  • Windows 8.1® (32-bit, 64-bit)
  • Windows 8® (32-bit, 64-bit)
  • Windows 7® (32-bit, 64-bit)
  • Windows Vista® (32-bit, 64-bit)
  • Windows XP® (Service Pack 2 or later, 32-bit only)
  • Windows Server 2012®/2012 R2® (32-bit, 64-bit)
  • Windows Server 2008®/2008 R2® (32-bit, 64-bit)
  • Windows Server 2003® (32-bit only)
  • Mac OS X (10.8 and newer)

Please note that Windows servers using the Server Core installation process are specifically excluded.

Hardware Requirements

  • 256MB of RAM (512MB or more recommended)
  • 800MHz CPU or faster
  • 20MB of free hard disk space
  • 800x600 or greater screen resolution
  • Active Internet Connection, for license validation and threat signature updates
  • USB Port (optional, depending on deployment method)
