Endpoint Protection


How to check specific process with Host Integrity Policy 

May 08, 2017 12:07 PM

Is it possible to monitor the status of a specific process with a Host Integrity (HI) policy in Endpoint Protection? The answer is yes.

Here is a simple example of how to set the requirement in an HI policy.


Detailed steps are below:


1. Edit the HI policy --> click Requirements --> click the "add" button --> select client platform: Windows and select "Custom requirement", then click OK.

2. On the custom requirement page, click add --> IF..THEN.

2.1. Under IF --> select a condition: Utility: Process is running, and enter the process file name, for example cmd.exe or c:\windows\cmd.exe.

2.2. Under THEN --> add Function Utility: log message, and enter the message under log description: cmd running.

2.3. Under THEN, add ELSE. Under ELSE --> add Function Utility: log message, and enter the message under log description: cmd not running.

Keep the other HI policy settings at their defaults and assign the HI policy to a specific group.

3. Test the HI policy as below:

3.1. Run cmd.exe manually.

3.2. Open the SEP UI --> view log --> click view logs by client management --> view security log.

A Host Integrity message shows up and the message is "cmd running".

Open the Endpoint Protection Manager console --> Monitors --> Logs --> Log type: Compliance, Log content: Client Host Integrity --> view log.

The same HI event logs are present. You can also view Details for more information about the specific event.
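
An independent way to confirm the process state on the client while running the test in step 3, as an added example that is not part of the original article or of SEP. The helper name `Get-ProcessCheck` and its parameters are hypothetical; the script only reads the Windows process list and does not reproduce how the SEP client evaluates the condition.

```powershell
# Added example: cross-check for the HI "Process is running" test.
# Get-ProcessCheck is a hypothetical helper, not a SEP cmdlet.
function Get-ProcessCheck {
    param(
        # File name or full path, as entered in the IF condition.
        [Parameter(Mandatory)][string]$Target,
        # Messages configured under THEN and ELSE in the custom requirement.
        [string]$RunningMessage    = 'cmd running',
        [string]$NotRunningMessage = 'cmd not running'
    )

    $name    = Split-Path -Path $Target -Leaf
    $hasPath = $Target -ne $name    # true when a directory was supplied

    # Match on image name (assumption: a name match is what we want to see),
    # then record the on-disk path of every matching instance.
    $found = @(Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.Name -ieq $name } |
        ForEach-Object {
            [pscustomobject]@{
                ProcessId         = $_.ProcessId
                ParentProcessId   = $_.ParentProcessId
                # Can be empty when the caller lacks rights to query the process.
                ExecutablePath    = $_.ExecutablePath
                # Only meaningful when the target was given as a full path.
                PathMatchesTarget = if ($hasPath) { $_.ExecutablePath -ieq $Target } else { $null }
            }
        })

    [pscustomobject]@{
        Target          = $Target
        ExpectedMessage = if ($found.Count -gt 0) { $RunningMessage } else { $NotRunningMessage }
        Instances       = $found
    }
}

# Run on the test client right after step 3.1 and compare with the security log.
$result = Get-ProcessCheck -Target 'cmd.exe'
"{0}: expected HI log message is '{1}'" -f (Get-Date -Format s), $result.ExpectedMessage
$result.Instances | Format-Table -AutoSize
```

The `ExecutablePath` column shows which binary on disk each matching instance was started from, which is worth checking when the condition was entered as a bare file name.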
