ThreatDown Maintenance enabling Web Protection on all Policies (MB-EngineHostApp-NCEP)

Incident Report for Addigy

Resolved

After further discussions with ThreatDown (Malwarebytes), the release was reverted due to connection issues introduced from enabling Web Protection and should now be disabled from policies it was enabled on.

This should suppress the prompt, and prevent new users from seeing it.

If you require any additional assistance on this issue, please contact support@addigy.com

Posted May 30, 2025 - 22:35 UTC

Identified

Our partner, Threatdown (Malwarebytes), released an update to their OneView platform on May 29th 2025, at 9:00 PM which enabled Web Protection setting in all policies for all customers. This will cause a pop-up to all end-users to enable MB-EngineHostApp-NCEP Security Extension.

What to Expect:
* Devices with Threatdown EDR may begin to display popups or notifications related to Web Protection.
* These popups are expected behavior and indicate that Web Protection is now actively monitoring web traffic.

Remediation Options:

* This setting will stop prompting if you turn Web Protection Off in your OneView Policy.
* If you want to keep this setting on, it can be whitelisted with this profile or manually approved using this guide: https://support.threatdown.com/hc/en-us/articles/36281326008083-Allow-system-extension-for-Web-Protection-on-macOS-devices-Nebula (NOTE: This will cause networking issues, so please verify your deployment process as the previous content filter needs to be disabled.)

Recommended Actions:

* If you choose to do nothing, we recommend informing your users of the expected popups to reduce confusion.
* Review your ThreatDown policies to ensure they align with your organization’s security preferences.

If you experience unexpected behavior or need assistance adjusting your policies, please contact our support team.

Posted May 30, 2025 - 13:57 UTC

This incident affected: Addigy Cloud Interface.