View, Modify, or Delete a Process
The Processes Management page in the ESM Console displays all the processes that your organization’s security policy protects. To change or delete a process, you must first remove the process from any associated rules.
- Navigate to the Process Management page.From the ESM Console, select PoliciesExploitProcess Management.
- Select the type of operating system for which you want to manage processes.
- View the processes in the Process Management table.Use the paging controls at the top of the table to view different portions of the table.The following fields are displayed:
- Process—Filename of the process executable file.
- Protection Type—Protected, Unprotected, or Provisional.
- Computers—Number of endpoints on which the process has run.
- Linked Rules—Number of rules configured for the process.
- Discovered On—Name of the endpoint on which the process was first discovered.
- First Seen—Date and time the process was first discovered on the endpoint (after receiving a rule to report new processes).
- Delete or change the process.If the process is used in any rules, you must first unlink (remove) the process from the rule.You can not unlink processes from default rules and, as a result, you cannot remove any processes specified in default rules.After the process is unlinked, you can select the name of the process and do any of the following:
- Delete the process.
- Change the Process Name and then Save your changes.
- Change the Protection Type and then Save your changes. For more information, see Process Protection Types.
Collect New Process Information
Collect New Process Information By default, Traps protects the most commonly used and well-known processes on your endpoints. In addition, when WildFire is enabled, Traps ...
Process Management Process Protection Types Processes Protected by the Default Policy Add a New Protected Process Import or Export a Process View, Modify, or Delete ...
Create an Exploit Protection Rule
Create an Exploit Protection Rule An exploit protection rule uses exploit protection modules (EPMs) to protect processes in your organization from specific exploitation techniques. Each ...
Process Protection Types
Process Protection Types The ESM Console categorizes each process by a Protection Type: Protected —Indicates that the process is actively protected by exploit protection rules ...
Add a New Protected Process
Add a New Protected Process A process is an active instance of a program that is executed by the operating system. You can view all ...
Maintain the Endpoints and Traps
Maintain the Endpoints and Traps On a daily or weekly basis, perform the following actions: Examine the Dashboard to verify that the Traps agent is ...
Configure Child Process Protection
Configure Child Process Protection The Child Process Protection MPM for Windows endpoints prevents script-based attacks used to deliver malware such as ransomware. To prevent these ...
Configure the Gatekeeper Enhancement MPM
Configure the Gatekeeper Enhancement MPM The Gatekeeper Enhancement MPM is an enhancement of the macOS gatekeeper functionality which allows apps to run based on their ...
Exploit Protection Rules
Exploit Protection Rules An exploit protection rule uses exploit protection modules (EPMs) to protect processes in your organization from specific exploitation techniques. An EPM is ...