Prohibited Software On Endpoint
This search looks for applications on the endpoint that you have marked as prohibited.
This content is not mapped to any local saved search. Add mapping
Prohibited Software On Endpoint Help
To successfully implement this search, you must be ingesting data that records process activity from your hosts to populate the endpoint data model in the processes node. This is typically populated via endpoint detection-and-response products, such as Carbon Black or endpoint data sources, such as Sysmon. The data used for this search is usually generated via logs that report process tracking in your Windows audit settings. In addition, you must also have only the
Open in Search