Using the Response feature in WithSecure Endpoint to kill a process

1 Overview

Response is a feature for controlling a computer remotely and is part of the WithSecure Endpoint EDR product package. In this guide, Techbast shows how to use it to kill a process on a remote computer.

2 Steps to take

The steps are as follows:

  • Create a policy that allows Response on the specified computer
  • Kill the process with the Response feature in EDR

2.1 Create policy

In the admin interface, go to Profiles >> Create Profile, then enter a name for the profile.

Scroll down and enable the Advanced response feature, then select Save and Publish.

Switch to the Devices section and select the computer that the newly created policy should apply to, so that Response is allowed on this machine.

In the Assign section, select Assign profile.

Select the profile you just created, then click the Assign button.

2.2 Create Response to kill process

Switch to Endpoint Detection and Response, open Response, then click Create new.

Select the computer to run the response on, then click Next.

Choose the action to perform: select Kill process, then select Next.

Choose process name, then enter the name of the process you want to kill. Here it is the Zalo application. Click Next.

Enter a description in the Comments section. Then click Create.

The response is created. A Finish status means that the response has completed successfully.

On the computer, we check that the Zalo process has been killed.
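The final check can also be scripted on the endpoint. The following PowerShell is an added example, not part of the original guide or of WithSecure's tooling: it confirms that no instance of the process is running and keeps watching for a short time in case something restarts it. It assumes a Windows endpoint and that the Zalo image name is `Zalo.exe`; the function name `Test-ProcessKilled` is hypothetical.

```powershell
# Added example: verify a Kill process response on a Windows endpoint.
function Test-ProcessKilled {
    param(
        # Process name without ".exe"; restricted so it is safe inside the WQL filter.
        [Parameter(Mandatory)]
        [ValidatePattern('^[\w.\- ]+$')]
        [string] $Name,
        [int] $WatchSeconds = 60,     # how long to watch for a respawn
        [int] $IntervalSeconds = 5    # delay between checks
    )

    $deadline = (Get-Date).AddSeconds($WatchSeconds)
    do {
        # Win32_Process gives the parent PID and command line, which help
        # explain why a process is still (or again) running.
        $found = @(Get-CimInstance -ClassName Win32_Process -Filter "Name = '$Name.exe'")
        if ($found.Count -gt 0) {
            $instances = foreach ($p in $found) {
                $parent = Get-CimInstance -ClassName Win32_Process `
                    -Filter "ProcessId = $($p.ParentProcessId)"
                [pscustomobject]@{
                    ProcessId   = $p.ProcessId
                    Started     = $p.CreationDate
                    Path        = $p.ExecutablePath
                    ParentId    = $p.ParentProcessId
                    ParentName  = $parent.Name   # empty if the parent has exited
                    CommandLine = $p.CommandLine
                }
            }
            # Still running, or restarted after the kill: report what was seen.
            return [pscustomobject]@{ Name = $Name; Killed = $false; Instances = @($instances) }
        }
        Start-Sleep -Seconds $IntervalSeconds
    } while ((Get-Date) -lt $deadline)

    # No instance seen during the whole watch window.
    [pscustomobject]@{ Name = $Name; Killed = $true; Instances = @() }
}

# 'Zalo' is the assumed image name (Zalo.exe) for the application in this guide.
$result = Test-ProcessKilled -Name 'Zalo' -WatchSeconds 60
$result | Format-List Name, Killed
$result.Instances | Format-Table ProcessId, Started, ParentName, Path -AutoSize
```

If `Killed` is `False` and `Started` is later than the time the response finished, the process was relaunched after the kill, and `ParentName` shows what started it.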
