Forum Discussion

aarkkelin's avatar
2 years ago

Cylance Offline Mode Monitoring

We are looking to try to utilize LM and monitor whether Cylance is running in offline mode on a Windows server. Our SOC was able to determine that if it switches to offline mode (which can happen without the NIC going down), it adds a registry entry:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Cylance\Desktop\VenueStatus

Ideally we’d like to monitor for IF that registry item exists and when it does see it, it would send us an alert. I’m assuming this could be done through some PS scripting. But I’m not sure how to have that data interpreted into a usable data or event source in LM.

Would appreciate any help you guys can offer here.

  • Anonymous's avatar
    Anonymous

    Yeah, just write a PS script using remoting to check if that registry exists and return either a 0 or 1.

  • I’m now realizing this is probably the wrong topic section for this question. Sorry! I’ll re-post in Product Discussion.