Hello, 99% of the time I use the GUI, so when it comes to using the CMD prompt I feel a little uncomfortable.
I am trying to use Live Response; in the KB and other documentation it is stated that with Live Response on Windows you can:
Reboot a device that has pending updates --- I would do it with --- shutdown /r
View list of running processes and choose to terminate anything suspicious --- I would do it with --- tasklist -- taskkill
Browse the file system to identify anything unexpected --- I would do it with --- cd ....
Edit registry key --- I would do it with --- reg add -- reg query -- reg delete etc.
Here are some questions:
View a log file -- from PowerShell: get-content C:\ProgramData\Sophos\CloudInstaller\Logs\abc.log -- Are there better ways to view log files?
Install and uninstall software -- You need to have the software on the device; how can I do it from my console if I cannot connect to the GUI of the computer (maybe FTP for the Sophos Endpoint software? How?)
Edit configuration files -- How can I edit XML, TXT, etc. files in Windows 10 cmd?
Is it possible to copy files from Live Response on our computer?
What can I do with the Live Response console?
It would be great if someone could write a little guide on how to use the "Live Response" console for the most common tasks we should do in troubleshooting Sophos Endpoint problems remotely.
Thank you and Best Regards