Stopping Elastic Endpoint service


While testing with Elastic Endpoint on my home Windows 10, I noticed I can stop the service with no issue at all.

Service Name: ElasticEndpoint

What would stop a bad actor from stopping the service? If I remember correctly, in order to stop the service of some other EDRs at work, I need a password. Is there a way to password protect the service?



Hi @willemdh, thank you for the feedback. Right now, there is no password needed to stop Elastic Endpoint Security on the host, but it is something we're considering in our roadmap for future improvements.

@ferullo Ok, thanks for the info.

Actually, I had a quick look at our McAfee and Cylance EDRs, and apparently their services are not password protected, but the service / process seems unstoppable.

For McAfee, the service can be stopped through the McAfee Endpoint Security GUI (from the endpoint), but only once you log in to the GUI as a McAfee administrator.

The processes also can't be stopped through Task Manager (although I'm an admin):

Please note that we would need this kind of functionality for us to start using Elastic Endpoint Security in production. I'm sure there are workarounds, but it should not be as easy as just stopping the service / process, IMHO.



Hi again @willemdh, don't worry, what you're talking about is definitely on our roadmap. With the initial beta release, we wanted to make sure that any issues users ran into were ones they could easily recover from.
