Did you check your Elastic Defend policy? Can you post a screenshot?
Malware protections should catch it from on-disk execution, but you need Prevent mode to have it stopped.
I would check again if the policy was actually applied on the endpoint, and if the output works to let Endpoint deliver the alert to the stack.
A policy update takes some time. I'm not familiar with the details of what happens in the stack until it reaches the target machine.
That's OK, at least it is working as healthy. I think I can manage that. I am grateful! Thanks very much for your time.
If anyone has an idea about this issue and can share it with me, that will be great!




