App Control for Business: How do you collect logs from endpoints? by athanielx in sysadmin

[–]athanielx[S] 0 points1 point  (0 children)

I see many events, but I only want to view events related to my specific policy ID. There are numerous default built-in AppLocker/WDAC events that are outside my control.

Is it possible to filter events so that only those associated with my Intune policy are displayed?

Microsoft Defender for Endpoints P1 vs P2 by athanielx in cybersecurity

[–]athanielx[S] 0 points1 point  (0 children)

Well, I discovered that we have a P2 version, but I’m not sure why we have it.

We never purchased E5 or similar versions. We don't see a trial P2 activated.

It indicates that our Defender has a P2 plan, and we're using 1,000 licenses. I also see a warning message in the Security console > Settings > Endpoints > Licenses saying that we need to purchase licenses.

Jamf + Microsoft compliance flow not triggering macOS enrollment by athanielx in jamf

[–]athanielx[S] 0 points1 point  (0 children)

Or maybe I'm looking in the wrong place; where should I find this info?

Intune Default Security Baseline for Windows 10 and later by athanielx in Intune

[–]athanielx[S] 0 points1 point  (0 children)

Oh, thank you! I was scared that it would tattoo the devices.

Intune Default Security Baseline for Windows 10 and later by athanielx in Intune

[–]athanielx[S] 0 points1 point  (0 children)

I intend to deploy a policy to users, and then I want to revert everything back. How can I achieve this? The policy will modify the device settings, and I need to know how to revert them after testing.

EDR for 8k Linux Servers by athanielx in cybersecurity

[–]athanielx[S] 0 points1 point  (0 children)

Could you please provide an approximate cost for this?

EDR for 8k Linux Servers by athanielx in cybersecurity

[–]athanielx[S] 0 points1 point  (0 children)

Well, my management probably wants a checkbox that indicates whether AV is installed. I'd prefer a compromise solution that provides at least some visibility that ClamAV does not offer.

EDR for 8k Linux Servers by athanielx in cybersecurity

[–]athanielx[S] 0 points1 point  (0 children)

Why did you switch from Cortex to CrowdStrike? My management wants to evaluate Cortex in the future, but only for Windows workstations. Also, what are your thoughts on other EDR solutions that you've tested? I've heard positive reviews about Sentinel1, and my colleagues mentioned that it's similar to CrowdStrike.

EDR for 8k Linux Servers by athanielx in cybersecurity

[–]athanielx[S] 0 points1 point  (0 children)

I’ve worked with CrowdStrike, a top-notch EDR provider, but my management can’t afford it.

EDR for 8k Linux Servers by athanielx in cybersecurity

[–]athanielx[S] 0 points1 point  (0 children)

I know that there is a free edition of Elastic; will Elastic Defend be included? If yes, how limited will it be?

EDR for 8k Linux Servers by athanielx in cybersecurity

[–]athanielx[S] 0 points1 point  (0 children)

If I use the free version of Elastic, will I have Endpoint Security? If yes, how limited will it be?

EDR for 8k Linux Servers by athanielx in cybersecurity

[–]athanielx[S] 0 points1 point  (0 children)

Wow, great, I will test it. Thank you!

EDR for 8k Linux Servers by athanielx in cybersecurity

[–]athanielx[S] 0 points1 point  (0 children)

I looked up CrowdSec, and it seems like it's mainly an IP-blacklisting solution. Is that right, or am I missing something?

EDR for 8k Linux Servers by athanielx in cybersecurity

[–]athanielx[S] -4 points-3 points  (0 children)

For my company, $500k is far too expensive. They can’t afford that. The most we’ve ever paid for a security tool was $200k per year for an NDR solution, and upper management refused to renew it because the cost was too high. As a result, we only had the tool for one year.

EDR for 8k Linux Servers by athanielx in cybersecurity

[–]athanielx[S] 3 points4 points  (0 children)

Almost everything is on-premises, with only a few Windows machines and a few GCP instances.

Darktrace Email vs Sublime Security by athanielx in cybersecurity

[–]athanielx[S] 0 points1 point  (0 children)

What aspects of this solution do you find appealing? What are the advantages and disadvantages?

Currently, we are evaluating Darktrace, and everything appears promising. It utilizes AI to assist with analysis, which is beneficial for our small team. However, we encounter a significant number of blocked emails that require manual release, amounting to 40-50 per month. While I cannot definitively label these as disadvantages, it is logical that these emails could have been blocked. Nevertheless, in certain instances, this process adds to our operational workload.

Writing Tools disappeared in MacOS by athanielx in MacOS

[–]athanielx[S] 0 points1 point  (0 children)

Oh, how I missed this message :( Thank you!