Query - Are any Sophos services not running?

REVIEWED by Sophos

Sometimes adversaries are able to stop Sophos services, or the endpoint has had an install or update issue. As long as the live discover services are up an running you can find devices that do not have all the needed Sophos services running.

SELECT
name,
display_name,
start_type,
path,
status,
user_account
FROM services
WHERE (path like '%sophos%' or path like '%hitman%')
AND status <> 'RUNNING';

Karl_Ackerman

Parents

Dominic Taylor1 over 4 years ago

This is what I am looking for, but how would I use it to find if Network Threat Protection is not running on the device.
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Comment

Dominic Taylor1 over 4 years ago

This is what I am looking for, but how would I use it to find if Network Threat Protection is not running on the device.
- Cancel
- Vote Up 0 Vote Down
- More
- Cancel

Children

No Data

Uncategorized

Anomalies

ATT&CK

Cloud Optix

Compliance

Data Lake

Device

Email

Events

Files

Live Response

Network

Other queries

Processes

Query Tips

Registry

Threat Hunting

User

Query - Are any Sophos services not running?