{"id":19237,"date":"2022-06-02T11:10:04","date_gmt":"2022-06-02T19:10:04","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/06\/02\/news-12970\/"},"modified":"2022-06-02T11:10:04","modified_gmt":"2022-06-02T19:10:04","slug":"news-12970","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/06\/02\/news-12970\/","title":{"rendered":"Introducing EDR for Linux: Remediating and isolating threats on Linux servers"},"content":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Thu, 02 Jun 2022 18:27:55 +0000<\/strong><\/p>\n<p>We\u2019re excited to announce our new EDR for Linux offering, which extends our advanced protection and response capabilities to Linux devices via Nebula and OneView. <\/p>\n<p>In this post, we show you what remediating and isolating threats on Linux servers looks like with Malwarebytes EDR for Linux. <\/p>\n<p>Let\u2019s get started!<\/p>\n<h3><strong>Table of Contents<\/strong><\/h3>\n<ul>\n<li><a href=\"#downloading-the-test-tool\">Part 1: Downloading the test tool <\/a><\/li>\n<li><a href=\"#remediating-endpoints\">Part 2: Remediating endpoints<\/a><\/li>\n<li><a href=\"#endpoint-isolation\">Part 3: Endpoint isolation<\/a><\/li>\n<li><a href=\"#removing-endpoint-isolation\">Part 4: Removing endpoint isolation<\/a><\/li>\n<\/ul>\n<h2 id=\"downloading-the-test-tool\">Part 1: Downloading the test tool<\/h2>\n<p>Malwarebytes EDR for Linux provides a test tool to trigger suspicious activity. <\/p>\n<p>Executing a shell script named <strong>trigger.sh<\/strong>, we downloaded <a href=\"https:\/\/nmap.org\/ncat\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Ncat<\/a> from a GitHub repository and stored it in a temporary folder. 
We then ran Ncat from the temporary folder, trying to manipulate SSH authorized keys.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"57164\" data-permalink=\"https:\/\/blog.malwarebytes.com\/image001-1-2\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image001-1-edited.jpg\" data-orig-size=\"1597,897\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;1652790546&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image001-1\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image001-1-edited-300x169.jpg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image001-1-edited-600x337.jpg\" width=\"1597\" height=\"897\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image001-1-edited.jpg\" alt=\"\" class=\"wp-image-57164\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image001-1-edited.jpg 1597w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image001-1-edited-300x169.jpg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image001-1-edited-600x337.jpg 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image001-1-edited-1536x863.jpg 1536w, 
https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image001-1-edited-900x506.jpg 900w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image001-1-edited-400x225.jpg 400w\" sizes=\"auto, (max-width: 1597px) 100vw, 1597px\" \/><\/figure>\n<\/div>\n<p>We can see that Ncat is now in our temporary folder.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57161\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/image003-2\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image003.png\" data-orig-size=\"794,472\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image003\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image003-300x178.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image003-600x357.png\" loading=\"lazy\" width=\"794\" height=\"472\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image003.png\" alt=\"\" class=\"wp-image-57161\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image003.png 794w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image003-300x178.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image003-600x357.png 600w\" sizes=\"auto, (max-width: 794px) 100vw, 794px\" 
\/><\/figure>\n<\/div>\n<p>Let\u2019s head back to Nebula and check the \u201c<strong>Suspicious activities<\/strong>\u201d tab. At the top, we\u2019ll see that on our <strong>DB-demo-2 <\/strong>endpoint, Ncat in our temporary folder is being flagged as suspicious.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57166\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/image-4-ncat\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image-4-ncat.png\" data-orig-size=\"1545,402\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image-4-ncat\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image-4-ncat-300x78.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image-4-ncat-600x156.png\" loading=\"lazy\" width=\"1545\" height=\"402\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image-4-ncat.png\" alt=\"\" class=\"wp-image-57166\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image-4-ncat.png 1545w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image-4-ncat-300x78.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image-4-ncat-600x156.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image-4-ncat-1536x400.png 
1536w\" sizes=\"auto, (max-width: 1545px) 100vw, 1545px\" \/><\/figure>\n<\/div>\n<p>You might be wondering though: why exactly is running Ncat from a temporary folder considered suspicious? To find the reason, we can click on the<strong> \/TMP\/NCAT<\/strong> alert and see what detection rule was triggered.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57169\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/screen-shot-2022-06-02-at-10-52-25-am\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.52.25-AM.png\" data-orig-size=\"1600,798\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screen-Shot-2022-06-02-at-10.52.25-AM\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.52.25-AM-300x150.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.52.25-AM-600x299.png\" loading=\"lazy\" width=\"1600\" height=\"798\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.52.25-AM.png\" alt=\"\" class=\"wp-image-57169\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.52.25-AM.png 1600w, 
https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.52.25-AM-300x150.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.52.25-AM-600x299.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.52.25-AM-1536x766.png 1536w\" sizes=\"auto, (max-width: 1600px) 100vw, 1600px\" \/><\/figure>\n<\/div>\n<p>As you can see above, we find that the technique triggered is <strong>Command and Scripting Interpreter<\/strong>. The attempt to execute a process from the temp folder &#8211; which gives full privileges &#8211; has been detected.<\/p>\n<p>We can learn more about this particular adversary behavior, as well as which groups leverage these sorts of attacks, by clicking on the \u201c<a href=\"https:\/\/attack.mitre.org\/techniques\/T1059\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"><strong>T1059 &#8211; Command and Scripting Interpreter<\/strong><\/a>\u201d link. 
This takes us to a MITRE ATT&amp;CK page on the topic.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57170\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/screen-shot-2022-06-02-at-10-53-32-am\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.53.32-AM.png\" data-orig-size=\"1655,796\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screen-Shot-2022-06-02-at-10.53.32-AM\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.53.32-AM-300x144.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.53.32-AM-600x289.png\" loading=\"lazy\" width=\"1655\" height=\"796\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.53.32-AM.png\" alt=\"\" class=\"wp-image-57170\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.53.32-AM.png 1655w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.53.32-AM-300x144.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.53.32-AM-600x289.png 600w, 
https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.53.32-AM-1536x739.png 1536w\" sizes=\"auto, (max-width: 1655px) 100vw, 1655px\" \/><\/figure>\n<\/div>\n<h2 id=\"remediating-endpoints\">Part 2: Remediating endpoints<\/h2>\n<p>Now, it\u2019s time to remediate the threat!<\/p>\n<p>Going back to the \u201c<strong>Suspicious Activity\u201d<\/strong> tab, we can bulk select the threats we want to remediate. Under the \u201c<strong>Bulk Actions<\/strong>\u201d tab on the upper-right, a drop-down menu appears with a \u201c<strong>Remediate<\/strong>\u201d option.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57171\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/screen-shot-2022-06-02-at-10-55-13-am\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.13-AM.png\" data-orig-size=\"1720,823\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screen-Shot-2022-06-02-at-10.55.13-AM\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.13-AM-300x144.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.13-AM-600x287.png\" loading=\"lazy\" width=\"1720\" height=\"823\" 
src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.13-AM.png\" alt=\"\" class=\"wp-image-57171\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.13-AM.png 1720w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.13-AM-300x144.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.13-AM-600x287.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.13-AM-1536x735.png 1536w\" sizes=\"auto, (max-width: 1720px) 100vw, 1720px\" \/><\/figure>\n<\/div>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57172\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/screen-shot-2022-06-02-at-10-55-57-am\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.57-AM.png\" data-orig-size=\"1688,819\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screen-Shot-2022-06-02-at-10.55.57-AM\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.57-AM-300x146.png\" 
data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.57-AM-600x291.png\" loading=\"lazy\" width=\"1688\" height=\"819\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.57-AM.png\" alt=\"\" class=\"wp-image-57172\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.57-AM.png 1688w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.57-AM-300x146.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.57-AM-600x291.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.55.57-AM-1536x745.png 1536w\" sizes=\"auto, (max-width: 1688px) 100vw, 1688px\" \/><\/figure>\n<\/div>\n<p>The remediation process takes about one to two minutes to complete. We can check on the status of our remediation by going to the \u201c<strong>Tasks<\/strong>\u201d tab and clicking on the threat, as shown below.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57173\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/screen-shot-2022-06-02-at-10-57-19-am\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.57.19-AM.png\" data-orig-size=\"1761,861\" data-comments-opened=\"0\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screen-Shot-2022-06-02-at-10.57.19-AM\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.57.19-AM-300x147.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.57.19-AM-600x293.png\" loading=\"lazy\" width=\"1761\" height=\"861\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.57.19-AM.png\" alt=\"\" class=\"wp-image-57173\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.57.19-AM.png 1761w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.57.19-AM-300x147.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.57.19-AM-600x293.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-10.57.19-AM-1536x751.png 1536w\" sizes=\"auto, (max-width: 1761px) 100vw, 1761px\" \/><\/figure>\n<\/div>\n<p>Let\u2019s confirm by checking back on our temp folder. 
As you can see, Ncat has been removed by our remediation engine.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57175\" data-permalink=\"https:\/\/blog.malwarebytes.com\/image017-2\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image017-edited.jpg\" data-orig-size=\"958,538\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;1652796652&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"image017\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image017-edited-300x168.jpg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image017-edited-600x337.jpg\" loading=\"lazy\" width=\"958\" height=\"538\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image017-edited.jpg\" alt=\"\" class=\"wp-image-57175\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image017-edited.jpg 958w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image017-edited-300x168.jpg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image017-edited-600x337.jpg 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image017-edited-900x506.jpg 900w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/image017-edited-400x225.jpg 400w\" sizes=\"auto, (max-width: 958px) 100vw, 958px\" \/><\/figure>\n<\/div>\n<h2 id=\"endpoint-isolation\">Part 3: Endpoint isolation<\/h2>\n<p>We can isolate an endpoint by going over to the 
\u201c<strong>Endpoints<\/strong>\u201d tab. After selecting the machine we wish to isolate, we open the \u201cActions\u201d tab in the upper-right, where a drop-down menu appears with an \u201c<strong>Isolate Endpoint(s)<\/strong>\u201d option.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57176\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/screen-shot-2022-06-02-at-11-00-32-am\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.00.32-AM.png\" data-orig-size=\"1360,661\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screen-Shot-2022-06-02-at-11.00.32-AM\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.00.32-AM-300x146.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.00.32-AM-600x292.png\" loading=\"lazy\" width=\"1360\" height=\"661\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.00.32-AM.png\" alt=\"\" class=\"wp-image-57176\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.00.32-AM.png 1360w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.00.32-AM-300x146.png 300w, 
https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.00.32-AM-600x292.png 600w\" sizes=\"auto, (max-width: 1360px) 100vw, 1360px\" \/><\/figure>\n<\/div>\n<p>We\u2019re given the option to toggle either \u201c<strong>Block network connections<\/strong>\u201d or \u201c<strong>Block Processes<\/strong>\u201d for this device. For this example, we only want to do network isolation.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57178\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/screen-shot-2022-06-02-at-11-01-18-am\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.01.18-AM.png\" data-orig-size=\"1359,661\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screen-Shot-2022-06-02-at-11.01.18-AM\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.01.18-AM-300x146.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.01.18-AM-600x292.png\" loading=\"lazy\" width=\"1359\" height=\"661\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.01.18-AM.png\" alt=\"\" class=\"wp-image-57178\" 
srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.01.18-AM.png 1359w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.01.18-AM-300x146.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.01.18-AM-600x292.png 600w\" sizes=\"auto, (max-width: 1359px) 100vw, 1359px\" \/><\/figure>\n<\/div>\n<p>This blocks the endpoint from all outbound and inbound communication &#8211; except trusted communication, such as with Nebula servers or OpenVPN. And, as you see below, we are disconnected from the endpoint and no longer able to ping\u00a0it. <\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57179\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/screen-shot-2022-06-02-at-11-02-24-am\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.02.24-AM.png\" data-orig-size=\"1082,869\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screen-Shot-2022-06-02-at-11.02.24-AM\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.02.24-AM-300x241.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.02.24-AM-600x482.png\" 
loading=\"lazy\" width=\"1082\" height=\"869\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.02.24-AM.png\" alt=\"\" class=\"wp-image-57179\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.02.24-AM.png 1082w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.02.24-AM-300x241.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.02.24-AM-600x482.png 600w\" sizes=\"auto, (max-width: 1082px) 100vw, 1082px\" \/><\/figure>\n<\/div>\n<h2 id=\"removing-endpoint-isolation\">Part 4: Removing endpoint isolation<\/h2>\n<p>While we are no longer able to connect to the machine, we are still able to manage it. Going back to the \u201c<strong>Endpoints<\/strong>\u201d tab, we\u2019re able to see the status of our device by clicking on it and going to \u201c<strong>Tasks<\/strong>\u201d.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57180\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/screen-shot-2022-06-02-at-11-04-01-am\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.04.01-AM.png\" data-orig-size=\"1697,823\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screen-Shot-2022-06-02-at-11.04.01-AM\" data-image-description=\"\" 
data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.04.01-AM-300x145.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.04.01-AM-600x291.png\" loading=\"lazy\" width=\"1697\" height=\"823\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.04.01-AM.png\" alt=\"\" class=\"wp-image-57180\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.04.01-AM.png 1697w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.04.01-AM-300x145.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.04.01-AM-600x291.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.04.01-AM-1536x745.png 1536w\" sizes=\"auto, (max-width: 1697px) 100vw, 1697px\" \/><\/figure>\n<\/div>\n<p>We see that the \u201cIsolating Endpoint\u201d task is successful. 
To remove the isolation, we start by clicking the lock icon in the upper-right corner, which will prompt a \u201c<strong>Remove Isolation<\/strong>\u201d button.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57181\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/screen-shot-2022-06-02-at-11-05-08-am\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.05.08-AM.png\" data-orig-size=\"1762,848\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screen-Shot-2022-06-02-at-11.05.08-AM\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.05.08-AM-300x144.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.05.08-AM-600x289.png\" loading=\"lazy\" width=\"1762\" height=\"848\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.05.08-AM.png\" alt=\"\" class=\"wp-image-57181\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.05.08-AM.png 1762w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.05.08-AM-300x144.png 300w, 
https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.05.08-AM-600x289.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.05.08-AM-1536x739.png 1536w\" sizes=\"auto, (max-width: 1762px) 100vw, 1762px\" \/><\/figure>\n<\/div>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57182\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/screen-shot-2022-06-02-at-11-06-04-am\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.04-AM.png\" data-orig-size=\"1679,820\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screen-Shot-2022-06-02-at-11.06.04-AM\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.04-AM-300x147.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.04-AM-600x293.png\" loading=\"lazy\" width=\"1679\" height=\"820\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.04-AM.png\" alt=\"\" class=\"wp-image-57182\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.04-AM.png 1679w, 
https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.04-AM-300x147.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.04-AM-600x293.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.04-AM-1536x750.png 1536w\" sizes=\"auto, (max-width: 1679px) 100vw, 1679px\" \/><\/figure>\n<\/div>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57183\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/screen-shot-2022-06-02-at-11-06-15-am\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.15-AM.png\" data-orig-size=\"1681,817\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screen-Shot-2022-06-02-at-11.06.15-AM\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.15-AM-300x146.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.15-AM-600x292.png\" loading=\"lazy\" width=\"1681\" height=\"817\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.15-AM.png\" alt=\"\" class=\"wp-image-57183\" 
srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.15-AM.png 1681w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.15-AM-300x146.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.15-AM-600x292.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.06.15-AM-1536x747.png 1536w\" sizes=\"auto, (max-width: 1681px) 100vw, 1681px\" \/><\/figure>\n<\/div>\n<p>When we refresh the page, our \u201c<strong>Remove Endpoint Isolation<\/strong>\u201d task appears with a pending status. Again, give this another minute to complete.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57184\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/screen-shot-2022-06-02-at-11-07-39-am\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.07.39-AM.png\" data-orig-size=\"1664,792\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screen-Shot-2022-06-02-at-11.07.39-AM\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.07.39-AM-300x143.png\" 
data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.07.39-AM-600x286.png\" loading=\"lazy\" width=\"1664\" height=\"792\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.07.39-AM.png\" alt=\"\" class=\"wp-image-57184\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.07.39-AM.png 1664w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.07.39-AM-300x143.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.07.39-AM-600x286.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.07.39-AM-1536x731.png 1536w\" sizes=\"auto, (max-width: 1664px) 100vw, 1664px\" \/><\/figure>\n<\/div>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57185\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/screen-shot-2022-06-02-at-11-08-19-am\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.08.19-AM.png\" data-orig-size=\"1727,824\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screen-Shot-2022-06-02-at-11.08.19-AM\" data-image-description=\"\" data-image-caption=\"\" 
data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.08.19-AM-300x143.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.08.19-AM-600x286.png\" loading=\"lazy\" width=\"1727\" height=\"824\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.08.19-AM.png\" alt=\"\" class=\"wp-image-57185\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.08.19-AM.png 1727w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.08.19-AM-300x143.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.08.19-AM-600x286.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.08.19-AM-1536x733.png 1536w\" sizes=\"auto, (max-width: 1727px) 100vw, 1727px\" \/><\/figure>\n<\/div>\n<p>Now, we have reestablished a connection with the endpoint and can ping it.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" data-attachment-id=\"57186\" data-permalink=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/attachment\/screen-shot-2022-06-02-at-11-09-17-am\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.09.17-AM.png\" data-orig-size=\"1704,833\" data-comments-opened=\"0\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Screen-Shot-2022-06-02-at-11.09.17-AM\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.09.17-AM-300x147.png\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.09.17-AM-600x293.png\" loading=\"lazy\" width=\"1704\" height=\"833\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.09.17-AM.png\" alt=\"\" class=\"wp-image-57186\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.09.17-AM.png 1704w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.09.17-AM-300x147.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.09.17-AM-600x293.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/06\/Screen-Shot-2022-06-02-at-11.09.17-AM-1536x751.png 1536w\" sizes=\"auto, (max-width: 1704px) 100vw, 1704px\" \/><\/figure>\n<\/div>\n<p>Learn more about <a href=\"https:\/\/www.malwarebytes.com\/business\/edr\/server-security\">Malwarebytes EDR for Linux<\/a>.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/\">Introducing EDR for Linux: Remediating and isolating threats on Linux servers<\/a> appeared first on <a rel=\"nofollow\" 
href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Malwarebytes Labs| Date: Thu, 02 Jun 2022 18:27:55 +0000<\/strong><\/p>\n<p>Our new EDR for Linux offering extends our advanced protection and response capabilities to Linux devices via Nebula and OneView. <\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/business-2\/2022\/06\/introducing-edr-for-linux-remediating-and-isolating-threats-on-linux-servers\/\">Introducing EDR for Linux: Remediating and isolating threats on Linux servers<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[1001,26400,19941,10496,26401],"class_list":["post-19237","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-business","tag-edr-for-linux","tag-endpoint-detection-and-response","tag-linux","tag-ncat"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19237","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/com
ments?post=19237"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/19237\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=19237"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=19237"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=19237"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}