Response is a feature for remote desktop control and is part of the WithSecure Endpoint EDR product package. In this article, Techbast shows how to use this feature to kill a process on a remote computer.
2 Steps to take
The steps are as follows:
- Create a policy that allows Response on the specified computer
- Run the Kill process action with the Response feature in EDR
2.1 Create policy
In the admin interface, go to Profiles >> Create Profile, then enter a name for the profile.
Scroll down and enable the Advanced response feature, then select Save and Publish.
Switch to the Devices section and select the computer that should receive the newly created policy, so that Response is allowed on this machine.
In the Assign section, select Assign profile.
Then select the profile you just created and click the Assign button.
2.2 Create Response to kill process
Switch to Endpoint Detection And Response, access Response and then click Create new.
Select the computer to run the response on, then click Next.
Here we choose the action we want to perform. Select Kill process, then select Next.
Choose to select the process by name, then enter the name of the process you want to kill. In this example it is the Zalo application. Click Next.
Enter a description in the Comments section. Then click Create.
The response is created. The Finish status means that this response has completed successfully.
On the computer, we check that the Zalo process has been killed.