Under Review

Live Response read text files; change configuration files etc.

Hello, 99% of my time I use the GUI, so when it comes to using the CMD prompt I feel a little uncomfortable.

I am trying to use Live Response; in the KB and other documentation it is stated that with Live Response on Windows you can:

Reboot a device that has pending updates ---I would do it with--- shutdown /r

View list of running processes and choose to terminate anything suspicious ---I would do it with--- tasklist -- taskkill

Browse the file system to identify anything unexpected ---I would do it with--- cd ....

Edit registry key ---I would do it with--- reg add -- reg query -- reg delete etc.

 

Here are some questions:

View a log file -- from PowerShell: get-content C:\ProgramData\Sophos\CloudInstaller\Logs\abc.log -- Are there better ways to view log files?

Install and uninstall software -- You need to have the software on the device; how can I do it from my console if I cannot connect to the GUI of the computer (maybe FTP for the Sophos Endpoint software? How?)

Edit configuration files -- How can I edit XML, TXT etc. files in Windows 10 cmd?

 

Is it possible to copy files from Live Response on our computer?

What can I do with the Live Response console?

 

It would be great if someone could write a little guide on how to use the "Live Response" console for the most common tasks we should do in troubleshooting the Sophos Endpoint problems remotely.

 

Thank you and Best Regards

Giuseppe

 

 

 

 

 

 

 
