Step 1: Download the installer files

The first step is to download the setup program. Go to www.malwarebytes.org and select the Pro version in the products menu. On the Malwarebytes Anti-Malware Pro page, click the download link. Now create a working folder and place the downloaded file there. We will assume C:\Malwarebytes on this page. The downloaded file is called for example "mbam-setup-1.62.0.1300.exe". Rename this file to "setup.exe". You may leave the original name, but then you need to edit your script, if you change the initially installed version.

Step 2 - option 1: Installation through a logon script

To make the installation unattended through a logon script, we need to:

• Obtain administrative permissions to install the application.
• Optionally make sure the installation only happens on computers in a certain Active Directory group.
• Execute Setup.exe without any interaction, which can be done by passing the /verysilent parameter.
• Register the product with your license key.
• Do an initial engine update.

If you do not have UAC enabled, you can execute the installation as part of your logon script and use the internal FastTrack Scripting Host installer logic to keep track of installations, as explained here. If you do have UAC enabled, you can do this in a similar way with a startup script, see the UAC page for more information.

We are assuming here that you have put Setup.exe in a folder named "Malwarebytes" in the root of a share called \\AcmeServer\Installers$. You need to replace this and the installation user with information that is suitable on your network. As part of the logon script, we can then insert this:
If you want Malwarebytes installed on all computers, you can remove the outer condition. But in the above example, Malwarebytes is only installed on computers in an Active Directory group called "MalwarebytesComputers". The user "AcmeInstall" must be replaced with an administrative user in your domain. The password must be encrypted with the "Encrypt Password" tool in the script editor, which can be started by pressing F8.

We now need to create the installation script on the location "\\AcmeServer\Installers$\Malwarebytes\Install.fsh". In the same folder, you also need to have Setup.exe. The script requires these script lines:
The installation is executed unattended, the product is registered and the engine is updated. Finally the "RegisterInstallation" command ensures that the installation will not run again, which is explained here. You will need to replace the two keys at the top with your licensing information.

Step 2 - option 2: Deployment through Group Policies to a container or Organizational Unit

To deploy Malwarebytes with Group Policies, we need to repackage the installation into a Windows Installer .msi file. FastTrack Scripting Host can package a script and installation files into an .msi file, as explained here. The installation script must basically run the installation and then register and update the product. Put the below script in the same folder as your Setup.exe file and create an .msi file, as shown below. You will need to replace the licensing information with your information in the first two lines.


You now have an .msi file that will install Malwarebytes unattended, which you can now assign as a software installation to any Group Policy.

Advanced example

The videos below are a customer example of re-packaging and deploying a custom build exe file without leaving any footprinting. This example is useful for distributors or consultants that needs to build a wrapper that includes licensing information for their customers. Press play on the left video to see how this can be done.

You can download the scripts from the video here. If you have an questions for this example, you are welcome to contact the author here.

Deploying MalwareBytes unattendedly with FSH	Creating the MalwareBytes deployment package