Temporarily disable Elastic Endpoint on a specific host

Good morning everyone!
I think Elastic Endpoint (or Elastic Defend) is a valid antivirus.

I would like to understand one thing.
How can I temporarily disable the antivirus on a specific host?
I am the administrator, but even if I try to access CMD as administrator, it does not stop the Elastic Endpoint service.

Thanks in advance

Hi ArgoAdvisory,

The easiest way to temporarily disable it would be to move the host to a policy that doesn't include the Defend integration or, depending on the number of hosts the policy applies to, to remove the Defend integration from that policy.

Is that a workable solution for your case? If it isn't, I would be interested in hearing more about your use case and figuring out if there would be alternatives that still maintain a minimal impact on the overall security of the system.

Thanks!

Hi NickFritts,

Thanks for the quick reply!

Yes, your solution works for me. Thanks!

I just need to disable my Elastic Defend every now and then to do some work, so it's just a single host.
Is there a "temporarily disable" button added in the roadmap?

Thank you!

Defend is designed to be administered exclusively through Kibana. It's not intended to be administered by local admins because malware often obtains local admin rights.

From the Fleet screen, it's only a few clicks to reassign an Agent's policy.
