This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Bac26
Contributor
‎2023-03-24 02:30 AM

Stop endpoint proccess

Hello

do you know any way to stop endpoint process? like anti-malware, forensics . Passdialog seems not working anymore and create a policy with no blade installed dont seems nice solution

 

Thank you

0 Kudos
21 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-03-24 05:43 AM

What is the objective of stopping the 'processes' in this context?

CCSM R77/R80/ELITE
0 Kudos
Bac26
Contributor
‎2023-03-25 03:07 AM
In response to Chris_Atkinson

Hello Chris

For troubleshooting purpose or it happened got stuck some processes and neeeded reboot machine but when is a server not nice

Br

 

 

 

 

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-03-25 03:54 AM
In response to Bac26

Which version of endpoint client are you currently using and where from / how long ago did you obtain passdialog ?

CCSM R77/R80/ELITE
0 Kudos
Bac26
Contributor
‎2023-03-25 04:07 AM
In response to Chris_Atkinson

Version 87.00 and got from support but don't work so try see if other way to stop services

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-03-25 05:05 AM
In response to Bac26

@jcortez Are you aware of any issues with passdialog and E87.x?

CCSM R77/R80/ELITE
0 Kudos
jcortez
Employee
Employee
‎2023-04-03 03:53 PM
In response to Chris_Atkinson

@Chris_Atkinson 

There would be an issue if the older PassDialog.exe tool was being used. I order to use the correct version of PassDialog.exe, you would need to trigger the uninstall of our client and then cancel out the uninstall once you get the password prompt.

 

You would then need to navigate to C:\Users\<your user name>\AppData\Local\Temp\ and then search for PassDialog.exe. For example, this is where mine was created:

C:\Users\jcortez\AppData\Local\Temp\{30921FC7-785C-4B11-9390-840B403E39DA}\

 

 

We no longer provide the PassDialog.exe and Hash.exe tools from support since R&D made it available when triggering the endpoint client uninstall. If a PassDialog.exe tool was provided to the customer, it will not work. Each is version specific AFAIK.


Justin Cortez
Technology Leader | Endpoint Cyber Security Products | Americas Endpoint Team
the_rock
Legend
Legend
‎2023-03-25 06:12 AM

Since old SBA (aka harmony endpoint now) is EDR solution, I believe it can only be stopped/termniated from the portal itself. Do you see any options from the portal or endpoint dashboard to stop it?

Andy

0 Kudos
Bac26
Contributor
‎2023-03-25 06:36 AM
In response to the_rock

Nothing from portal neither from endpoint dashboard 

0 Kudos
the_rock
Legend
Legend
‎2023-03-25 07:52 AM
In response to Bac26

Are you managing this with cloud portal or on prem endpoint server?

Andy

0 Kudos
Bac26
Contributor
‎2023-03-27 01:32 AM
In response to the_rock

on premises...

0 Kudos
the_rock
Legend
Legend
‎2023-03-26 06:39 PM
In response to Bac26

Hey @Bac26 , just curious, were you able to sort this out?

Hope you contacted TAC if you haven't already.

Cheers mate.

Andy

0 Kudos
Bac26
Contributor
‎2023-03-27 01:33 AM
In response to the_rock

no they closed my ticket because after reboot the services restarted, but this is not the way

0 Kudos
the_rock
Legend
Legend
‎2023-03-27 04:54 AM
In response to Bac26

You mean reboot of that particular endpoint?

0 Kudos
Bac26
Contributor
‎2023-03-27 06:14 AM
In response to the_rock

exactly

0 Kudos
the_rock
Legend
Legend
‎2023-03-27 06:28 AM
In response to Bac26

K, so sounds like specific process was stuck. Not sure if there is anything TAC could give you after the fact...

0 Kudos
Bac26
Contributor
‎2023-03-27 06:48 AM
In response to the_rock

i just need a procedure to stop single process without rebooting in this case a server.

0 Kudos
the_rock
Legend
Legend
‎2023-03-27 06:50 AM
In response to Bac26

The only 2 logical ways I can think of would be either via task manager on the PC itself or via endpoint dashboard, but maybe someone else can confirm for you.

0 Kudos
Bac26
Contributor
‎2023-03-27 06:57 AM
In response to the_rock

both already checked not possible..

0 Kudos
Valerio5286
Participant
‎2024-08-14 10:39 AM
In response to Bac26

Hi @Bac26.

Do you have any solution?
I have the same problem.
Regards.

0 Kudos
AdiGH
Employee
Employee
‎2024-08-14 11:32 AM
In response to Valerio5286

You can use Push Op -- > Agent Settings --> Kill process 

0 Kudos
JonnyRabinowitz
Employee
Employee
‎2024-08-16 01:19 AM
In response to AdiGH

There is an option to disable capabilities on a client. This can be set from the Client Settings Policy. This was also enhanced in client release E88.30 to add "Password Protection" and a "Timeout"; an interval after which the capabilities are restored. These additional configuration items are available in cloud management. I am not sure whether these additional settings are available on premise

When capabilities are "disabled" I am not sure what happens under the covers and whether the relevant processes are stopped - I will try and check/ In any case may be worth trying

I also refer to the "Harmony Endpoint Packing a Punch Webinar" 

https://community.checkpoint.com/t5/Endpoint/Harmony-Endpoint-Packing-a-Punch-Video-Slides-and-Q-amp...

where some of these capabilities were discussed

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events