I am testing Elastic Endpoint. I have installed it on a Windows Server machine, and when I try to install malware on my machine it blocks it as expected, so it works perfectly. The only problem is that I am not receiving anything in my SIEM.
I would like to uninstall it or stop it to install it again with a new enroll, but even as an admin I couldn't stop it.
Could you please tell me what I can do in this case?
Thanks for your help
Hi @TheHunter1. If you change your Agent to a policy without the Endpoint Security integration, Agent should uninstall Endpoint.
If Agent is no longer running on the machine, you can uninstall the Elastic Endpoint by running the following command as an Administrator. In the future we may add the ability for administrators to make local uninstallation more difficult.
Thanks a lot @gabriel.landau, I could uninstall it using the command that you gave me and install it again and now it's working perfectly.
Yes, it would be better, for example, to be able to add a password to the endpoint, so that it can't be stopped even when we are admin unless we have the password or something like that.
Testing locally I don't see any difference between browsers. They're not doing anything odd/different from each other. They both send an aggregation that has counts for everything and returns the hits so it would be odd that one browser would skip those numbers vs. another browser. There's nothing browser specific.
Also (just thought of this btw), for each browser check your data sources button as they might have changed between browsers which would show this oddness between the two: