Issue
A process marked as Unwanted Software (OneLaunch.exe) was allowed to run despite an automation playbook that requested that processes related to Indicators of Compromise (IOCs) be killed and that files related to IOCs be deleted/captured.
Environment
Red Canary
Resolution
Based on currently available playbook options, an automation playbook cannot kill Unwanted Software (non-IOC) processes or delete/capture their files. Learn more about managing unwanted software at https://docs.redcanary.com/docs/potentially-unwanted-programs-applications.
Cause
The Unwanted Software in question was not marked as an IOC in Red Canary detectors. As a result, the automations in the playbook that were specifically designed to run on IOCs were skipped over.