While testing with Elastic Endpoint on my home Windows 10, I noticed I can stop the service with no issue at all.
Service Name: ElasticEndpoint
What would stop a bad actor from stopping the service? If I remember correctly, in order to stop the service of some other EDRs at work, I need a password. Is there a way to password protect the service?
Hi @willemdh, thank you for the feedback. Right now, there is no password needed to stop Elastic Endpoint Security on the host, but it is something we're considering in our roadmap for future improvements.
Actually I had a quick look at our McAfee and Cylance EDRs and apparently their services are not password protected, but the service / process seems unstoppable.
For McAfee the service can be stopped through the McAfee Endpoint Security GUI (from the endpoint), but only once you log in to the GUI as a McAfee administrator.
The processes also can't be stopped through task manager (although I'm admin):
Please note that we would need this kind of functionality for us to start using Elastic Endpoint Security in production. I'm sure there are workarounds, but it should not be as easy as just stopping the service / process, IMHO.
Hi again @willemdh, don't worry, what you're talking about is definitely on our roadmap. With the initial beta release we wanted to make sure any issues users ran into they were easily able to recover from.