You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-iot/organizations/detect-windows-endpoints-script.md
+5-15Lines changed: 5 additions & 15 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -64,7 +64,7 @@ The script detects enriched Windows data, and is run as a utility and not an ins
64
64
65
65
1. Run the `run.bat` file.
66
66
67
-
After the script runs to probe the registry, a CX-snapshot file appears with the registry information. The filename indicates the system name, date, and time of the snapshot with the following syntax: `CX-snaphot_SystemName_Month_Year_Time`
67
+
After the script runs to probe the registry, a CX-snapshot file appears with the registry information. The filename indicates the machine name and the current date and time of the snapshot with the following syntax: `cx_snapshot_[machinename]_[current date time]`.
68
68
69
69
Files generated by the script include:
70
70
@@ -88,21 +88,9 @@ After having run the script as described [earlier](#download-and-run-the-script)
88
88
89
89
:::image type="content" source="media/detect-windows-endpoints-script/import-wmi-script.png" alt-text="Screenshot of where to import WMI script." lightbox="media/detect-windows-endpoints-script/import-wmi-script.png":::
90
90
91
-
1. Select **Close**. The device registry information is imported and a successful confirmation message is shown.
92
-
93
-
If there's a problem uploading one of the files, you'll be informed which file upload failed.
94
-
95
-
## Offline WMI
96
-
97
-
To preform offline WMI:
98
-
99
-
1.[Download the script](#download-and-run-the-script), then extract it.
91
+
## View devices applications report
100
92
101
-
1. Run `run.bat` as administrator directly on the Windows endpoint.
102
-
103
-
After the script runs to probe the registry, a CX-snapshot file appears with the registry information. The filename indicates the machine name and the current date and time of the snapshot with the following syntax: `cx_snapshot_[machinename]_[current date time]`.
104
-
105
-
1.[Import](#import-device-details) the received output file to the sensor.
93
+
After [downloading and running](#download-and-run-the-script) the script, then [importing](#import-device-details) the generated data to your sensor, you can view your devices applications with a custom data mining report.
0 commit comments