You can kill an already running process by triggering the Kill Process remediation action either manually or automatically. A manual action occurs one time on a specific process, while the system takes the automatic action for processes with critical alerts. AppDefense finds all instances of the CLI, Process Hash, and Process Path combination on the specified virtual machine, and then terminates all of those instances on the virtual machine where they are running.

Prerequisites

AppDefense Appliance, AppDefense Guest Module, and AppDefense Host Module must have version 2.3.0.0 or later.

Procedure

  1. To kill a process manually for an instance:
    1. Log in to AppDefense Manager.
      • In the left navigation, click Alerts. The list of uncleared alerts appears.

        -OR-

      • In the left navigation, click Events > Monitoring tab. The list of uncleared events appears.
    2. Click the required alert or event. The alert details page appears.
    3. Click Actions > Kill.
      A confirmation dialog box appears.
    4. Click one or more CLIs from the list, and then click Kill Process.
    The Remediation Status column displays the status of the triggered kill process. The remediation status of all alerts under the selected CLI is updated. The Kill remediation action terminates the entire CLI execution for the selected CLI.

  2. AppDefense can automatically kill a process only when an alert is triggered. To configure this:
    1. Go to the required scope, and click the Services tab.
    2. Click the behavior card for which you want to edit the rule settings.
    3. On the process details page, click the More options icon.
    4. Click Edit service.
    5. Go to the Rules tab.
    6. Go to the required rule, select Kill Process as the Remediation Action, and select Automatically as the enforcement method.
    7. Click Update.
    When new critical alerts are triggered, the configured process is killed automatically. The Kill remediation action terminates the entire CLI execution.

Results

The Last Remediation Action column on the Alerts page displays the status of the triggered kill process.

What to do next

For more details on the different statuses of the Kill Process remediation action, refer to Alert Statuses for the Kill Process Remediation Action.