HIP check - check if a non running process present

Reply
L1 Bithead

HIP check - check if a non running process present

I configured a HIP check for a non-running process, but the GP doesn't detect it.

Have someone got it working?

 

2018-04-11 HIP process 01.PNG2018-04-11 HIP process 02.PNG2018-04-11 HIP process 03.PNG2018-04-11 HIP process 04.PNG2018-04-11 HIP process 05.PNG

 

 

L7 Applicator

Re: HIP check - check if a non running process present

To check if a service is installed on a system you have to use the registry: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/hklm-system-currentcontrolset-serv...

Another solution does not exist as a non-running process simply is an executable somewhere on the filesystem. So GP would have to search the drives for an executable name that you have specified and this could easily be spoofed.

L1 Bithead

Re: HIP check - check if a non running process present

It is supported by PaloAlto:

https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/globalprotect/objects-gl...

 

Process List
To check the host system for a specific process, click Add and then enter the process name. By default, the agent checks for running processes; if you just want to see if a specific process is present on the system even if not running, clear the Running selection.

 

 

L7 Applicator

Re: HIP check - check if a non running process present

I might be wrong, but I think the description in that documentarion is not very clear and the comment on that page writes something about suspended processed. But a not-running process simply is an executable somewhere on the filesystem, so I am back at my first comment here.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!