Hi all!
There are two configurations when you click the Endpoint Security integration.
One is "Protections" and the other one is "Settings".
My question is: if you disable malware protection, does the agent only collect events? Or does it just not work?
I wonder whether protection and collection work separately.
I'm pretty sure the "Malware Protections Enabled" toggle controls Prevent and Detect, so if you toggle that off, neither will work. So you want to leave the toggle on and have PREVENT checked, and you will collect events related to malware.