The sensor can be configured to run in detection-only mode, to limit its ability to terminate processes.
Note: configuring the sensor to run in detection-only mode requires the system administrator to terminate malicious processes manually in case of an attack.
The minimum sensor version is 0.3.3. If you are configuring an already installed sensor, verify the sensor version on the assets page in the Intezer Protect console.
After sensor installation, edit the file /etc/intezer/config.yml (requires sudo privileges).
Add the following line to the end of the file:
Restart the sensor by running the command for your init system:
- Systemd:
sudo systemctl restart intezer-protect
- Upstart:
sudo initctl restart intezer-protect
- SystemV Init:
sudo service intezer-protect restart