Hi @RahulPrajapati users cannot uninstall or disable any functionalities without the Agent password defined globally or in Agent settings profile applied to a host. If you have a PoC to demonstrate the bypass, we can definitely take a deep dive at it to fix the issue.
In short, you won't get a notification for such behavior at this point in time.
Hi @bbarmanroy ,
Some local engineers had the uninstall password so we have changed it. I can see the Agent service stop logs from Agent Audit logs. But many of them can possibly means that system got shutdown and so Agent service got stop. But if any user tries to disable the agent service using cytool command. Can we know that information from the Agent audit logs?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!