View, Modify, or Delete a Process
Table of Contents
4.2 (EoS)
Expand all | Collapse all
-
- Set Up the Endpoint Infrastructure
- Activate Traps Licenses
-
- Endpoint Infrastructure Installation Considerations
- TLS/SSL Encryption for Traps Components
- Configure the MS-SQL Server Database
- Install the Endpoint Security Manager Server Software
- Install the Endpoint Security Manager Console Software
- Manage Proxy Communication with the Endpoint Security Manager
- Load Balance Traffic to ESM Servers
-
- Malware Protection Policy Best Practices
- Malware Protection Flow
- Manage Trusted Signers
-
- Remove an Endpoint from the Health Page
- Install an End-of-Life Traps Agent Version
-
-
- Traps Troubleshooting Resources
- Traps and Endpoint Security Manager Processes
- ESM Tech Support File
-
- Access Cytool
- View the Status of the Agent Using Cytool
- View Processes Currently Protected by Traps Using Cytool
- Manage Logging of Traps Components Using Cytool
- Restore a Quarantined File Using Cytool
- View Statistics for a Protected Process Using Cytool
- View Details About the Traps Local Analysis Module Using Cy...
- View Hash Details About a File Using Cytool
View, Modify, or Delete a Process
The Processes Management page in the ESM Console
displays all the processes that your organization’s security policy
protects. To change or delete a process, you must first remove the
process from any associated rules.
- Navigate to the Process Management page.From the ESM Console, select PoliciesExploitProcess Management.
- Select the type of operating system for which you want to manage processes.
- View the processes in the Process Management table.Use the paging controls at the top of the table to view different portions of the table.The following fields are displayed:
- Process—Filename of the process executable file.
- Protection Type—Protected, Unprotected, or Provisional.
- Computers—Number of endpoints on which the process has run.
- Linked Rules—Number of rules configured for the process.
- Discovered On—Name of the endpoint on which the process was first discovered.
- First Seen—Date and time the process was first discovered on the endpoint (after receiving a rule to report new processes).
- Delete or change the process.If the process is used in any rules, you must first unlink (remove) the process from the rule.You can not unlink processes from default rules and, as a result, you cannot remove any processes specified in default rules.After the process is unlinked, you can select the name of the process and do any of the following:
- Delete the process.
- Change the Process Name and then Save your changes.
- Change the Protection Type and then Save your changes. For more information, see Process Protection Types.