I'm looking through a series of endpoint events, and do not see the hash of the process or file. The events are in endpoint.events.registry in this case. The hash is important, because its easy to cut and paste that into virustotal to see if its a known problem. Is there a reason the hash is excluded from the event collection process?
Could you paste your endpoint policy to discuss?
What integrations are you using in your policy? Could you please describe better what is happening?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.