Did you check your Elastic Defend policy? Can you post a screenshot?
Malware protections should catch it from on-disk execution, but you need Prevent mode to have it stopped.
I would check again if the policy was actually applied on the endpoint, and if the output works to let Endpoint deliver the alert to the stack.
It seems the policy is not applied... it is not in the status.
But if you see the Fleet Server, it says it is applying the policy, and it is running.
And it is talking to Elastic as it should.
What could be the reason?
Policy update takes some time. I'm not familiar with the details of what happens in the stack until it reaches the target machine.
That's OK, at least it is working as healthy, I think I can manage that. I am grateful! Thanks very much for your time.
If anyone has an idea about this issue and can share it with me, that will be great!