0
(0)

You can use this simple test to generate a monitored event on the endpoint to make sure that the Sensor is installed and working correctly.

To run the test, follow these instructions:

    1. Log in to the monitored endpoint where you have deployed the sensor.
    2. Open the command prompt.
    3. Run the command to create a monitored event: whoami
    4. Run the following command to exit the command prompt: exit
    5. Log out from the monitored endpoint.
    6. Log in to the F-Secure Elements Endpoint Detection and Response portal.
    7. View the recent Broad Context Detections.

The created event should be listed in the recent events.

Users do not usually run the whoami command and it may indicate that an attacker is trying to discover local user accounts on the endpoint for credential access or privilege escalation.

Source : Official F-Secure Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 10 times, 1 visits today)