Terminate Process task

Procedure

1. After identifying the suspicious process, access the context or response menu and click Terminate.
   The Terminate Task screen appears.
2. Confirm the targets of the response.

   Important This task is only available for certain operating systems. You can only select endpoints running compatible operating systems.

3. Specify a Description for the response or event.
4. Click Create.
   Trend Vision One creates the task and displays the current task status in Response Management.
5. Monitor the task status.
   1. Open Response Management.
   2. (Optional) Locate the task using the Search field or by selecting Terminate from the Action drop-down list.
   3. View the task status.
      • In progress (): Trend Vision One sent the command and is waiting for a response.
      • Queued (): The managing server queued the command because the agent was offline.
      • Successful (): The command was successfully executed.
      • Unsuccessful (): An error or time-out occurred when attempting to send the command to the managing server, the agent is offline for more than 24 hours, or the command execution timed out.

      Important The Task status indicates whether the managing server was able to successfully receive and execute the command. If the command target is a Security Agent, the Task status does not necessarily indicate whether the target Security Agent or object successfully executed the command. To prevent endpoints from restarting terminated processes, block the object using the User-Defined Suspicious Objects List. For more information, see Add to Block List task.