On a Windows host, what is the best command to determine if the sensor is currently running?
To determine if a sensor is running on a Windows host, the most appropriate command is 'sc query csagent'. This command queries the service control manager for the status of the 'csagent' service, which is typically the service name for the sensor. This will provide detailed information on whether the service is running, stopped, or in another state. The other options such as 'netstat -a', 'This cannot be accomplished with a command', and 'ping falcon.crowdstrike.com' do not directly verify the status of a specific service in the system.
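As an added example (not part of the original page or of any vendor documentation), the PowerShell below runs the query described above and reduces the result to a single state string, including the case where the service is not registered at all. The function names `ConvertFrom-ScQuery` and `Get-SensorServiceState` are hypothetical, and the sample output is constructed for illustration.

```powershell
# Added example: classify the result of 'sc.exe query csagent'.
# Function names are hypothetical; they are not part of any product.

function ConvertFrom-ScQuery {
    param([string[]]$Lines, [int]$ExitCode)
    # sc.exe exits with the Win32 error code.
    # 1060 = ERROR_SERVICE_DOES_NOT_EXIST: no service with that name is registered.
    if ($ExitCode -eq 1060) { return 'NOT_INSTALLED' }
    if ($ExitCode -ne 0)    { return "QUERY_FAILED_$ExitCode" }
    foreach ($line in $Lines) {
        # The state line has the form: "        STATE              : 4  RUNNING"
        if ($line -match '^\s*STATE\s*:\s*\d+\s+(\w+)') {
            return $Matches[1]   # e.g. RUNNING, STOPPED, START_PENDING
        }
    }
    return 'UNKNOWN'
}

function Get-SensorServiceState {
    param([string]$ServiceName = 'csagent')
    # Call sc.exe by its full name: in Windows PowerShell, 'sc' is an
    # alias for Set-Content, so a bare 'sc query csagent' does not run
    # the Service Control tool.
    $out = & sc.exe query $ServiceName 2>&1 | ForEach-Object { "$_" }
    ConvertFrom-ScQuery -Lines $out -ExitCode $LASTEXITCODE
}

# Constructed sample output (not captured from a real host).
$sample = @(
    'SERVICE_NAME: csagent',
    '        TYPE               : 2  FILE_SYSTEM_DRIVER',
    '        STATE              : 4  RUNNING',
    '                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)',
    '        WIN32_EXIT_CODE    : 0  (0x0)'
)
ConvertFrom-ScQuery -Lines $sample -ExitCode 0

# Query the live service only when actually running on Windows.
if ($env:OS -eq 'Windows_NT') { Get-SensorServiceState }
```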
A is definitely the correct answer. Did it so many times. Also checked the documentation.
A is the correct answer, with the command sc.exe query csagent
A is correct
A is correct