View, Modify, or Delete a Process

The Process Management page in the ESM Console displays all the processes that your organization’s security policy protects. To change or delete a process, you must first remove the process from any associated rules.
  1. Navigate to the Process Management page.
    From the ESM Console, select Policies > Exploit > Process Management.
  2. Select the type of operating system for which you want to manage processes, either Windows or macOS.
  3. View the processes in the Process Management table.
    Use the paging controls at the top of the table to view different portions of the table.
    The following fields are displayed:
    • Process—Filename of the process executable file.
    • Protection Type—Protected, Unprotected, or Provisional.
    • Computers—Number of endpoints on which the process has run.
    • Linked Rules—Number of rules configured for the process.
    • Discovered On—Name of the endpoint on which the process was first discovered.
    • First Seen—Date and time the process was first discovered on the endpoint (after receiving a rule to report new processes).
  4. Delete or change the process.
    If the process is used in any rules, you must first unlink (remove) the process from the rule.
    You cannot unlink processes from default rules and, as a result, you cannot remove any processes specified in default rules.
    After the process is unlinked, you can select the name of the process and do any of the following:
    • Delete the process.
    • Change the Process Name and then Save your changes.
    • Change the Protection Type and then Save your changes. For more information, see Process Protection Types.
