HIP check - check if a non running process present

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

HIP check - check if a non running process present

L1 Bithead

I configured a HIP check for a non-running process, but the GP doesn't detect it.

Have someone got it working?

 

2018-04-11 HIP process 01.PNG2018-04-11 HIP process 02.PNG2018-04-11 HIP process 03.PNG2018-04-11 HIP process 04.PNG2018-04-11 HIP process 05.PNG

 

 

3 REPLIES 3

L7 Applicator

To check if a service is installed on a system you have to use the registry: https://docs.microsoft.com/en-us/windows-hardware/drivers/install/hklm-system-currentcontrolset-serv...

Another solution does not exist as a non-running process simply is an executable somewhere on the filesystem. So GP would have to search the drives for an executable name that you have specified and this could easily be spoofed.

It is supported by PaloAlto:

https://www.paloaltonetworks.com/documentation/80/pan-os/web-interface-help/globalprotect/objects-gl...

 

Process List
To check the host system for a specific process, click Add and then enter the process name. By default, the agent checks for running processes; if you just want to see if a specific process is present on the system even if not running, clear the Running selection.

 

 

I might be wrong, but I think the description in that documentarion is not very clear and the comment on that page writes something about suspended processed. But a not-running process simply is an executable somewhere on the filesystem, so I am back at my first comment here.

  • 4169 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!