Is it possible to monitor specific progress status with Host Integrity (HI) policy in endpoint protection? The answer is yes.
Here is a simple example of how to set the requirement in HI policy.
Details steps as below:
1. Edit HI policy--> click Requirements--> click "add" button--> select client platform: Windows and select "Custom requirement", click Ok:
Image may be NSFW.
Clik here to view.
2. On the custom requirement page, click add--> IF..THEN,
Image may be NSFW.
Clik here to view.
2.2. Under THEN--> add Function Utility: log message, and input message under log description: cmd running:
Image may be NSFW.
Clik here to view.
2.3. Under THEN, add ELSE, Under ELSE--> add Function Utility: log message, and input message under log description:cmd not running:
Image may be NSFW.
Clik here to view.
Image may be NSFW.
Clik here to view.
Open Endpoint Protection Manager console--> Monitors--> Logs--> Log type: Compliance, Log content: Client Host Integrity--> view log
The same HI event logs present. Besides, you can view Details for more information about the specific event as below.
Image may be NSFW.
Clik here to view.
