Hello everyone,
Is it possible, or is there a way, to delete a file from the console detected by Elastic Defend?
The execute action can be used for that.
Yes, you'll have to use an OS-specific command; all is documented here
Hi @lesio
Thanks for the feedback and the Link provided.
I went through the documents, but it's still not clear how to utilize the execute action to delete the file.
If possible, can you please share an example of how to delete the file using the execute action command?
Thanks.
Hello, I re-read your original question. I'm not sure what you mean by "detected". If Endpoint works in prevention mode, such a detected file gets quarantined.
However, if Endpoint works in detection-only mode, the file will be left intact. On which OS do you experience problems with it? Indeed, you might need to leverage additional shell commands to understand the file permission and utilize runas, depending on your environment.
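An added example, not part of the thread or of Elastic's documentation: a POSIX shell helper of the kind that could be run on a Linux or macOS host through the execute action discussed above, for the detection-only case where the file is left in place. It assumes the alert provides the file's path and SHA-256 (the `file.hash.sha256` field); the function names and exit codes are hypothetical.

```shell
#!/bin/sh
# Added example (not Elastic's code): hash-checked removal of a detected file.
# Exit codes: 0 removed, 2 not a plain file, 3 hash mismatch, 4 delete failed.

sha256_of() {
    # Use whichever SHA-256 tool the host has (Linux: sha256sum, macOS: shasum).
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum -- "$1" | cut -d' ' -f1
    else
        shasum -a 256 -- "$1" | cut -d' ' -f1
    fi
}

remove_detected_file() {
    target=$1
    expected=$2   # assumption: SHA-256 copied from the alert (file.hash.sha256)

    # Refuse symlinks, directories and missing paths so a swapped path
    # cannot redirect the delete to something other than the detected file.
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "refusing: $target is not a regular file" >&2
        return 2
    fi

    # Only delete if the content is still what the alert reported.
    actual=$(sha256_of "$target")
    if [ "$actual" != "$expected" ]; then
        echo "refusing: hash mismatch (found $actual)" >&2
        return 3
    fi

    # Record owner and mode in the action output before the file disappears.
    ls -l -- "$target"

    rm -f -- "$target"
    if [ -e "$target" ]; then
        echo "delete failed: check ownership and permissions" >&2
        return 4
    fi
    echo "removed $target"
}
```

Exit code 4 is the case the last reply points at: the account running the command lacks permission on the file or its directory.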
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.