nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Windows ARM64: Response Actions Support Now Available

We are pleased to announce that response actions are now supported on Windows ARM64 systems.

Windows ARM64 support has already been available for the Endpoint Protection Platform (EPP) and the EDR sensor. With this update, response capabilities are extended to Windows ARM64 endpoints, completing functional parity with other supported Windows architectures for Endpoint Detection and Response (EDR). For more information on Response Actions, please check the User Guide.

As a result, Windows on ARM64 now has full EDR coverage, including prevention, detection, investigation, and response.

Supported Windows Response Actions on ARM64

The following Windows response actions are available on Windows ARM64 endpoints.

Investigative actions

Collect forensics package
Enumerate processes
Enumerate scheduled tasks
Enumerate services
Enumerate WMI persistence
Map file system
Map registry
Netstat
Process memory dump
Retrieve Amcache
Retrieve antivirus log files
Retrieve browser artefacts
Retrieve event log entries
Retrieve event log files
Retrieve event log tracing entries
Retrieve files
Retrieve folders
Retrieve jumplist files
Retrieve master boot record (MBR)
Retrieve master file table (MFT)
Retrieve Prefetch
Retrieve recently accessed
Retrieve registry hives
Retrieve remote desktop protocol cache files (RDP)
Retrieve System resource usage monitoring database (Scrumdb)
Retrieve PowerShell history
Test Connections

Containment and remediation actions

Kill process
Kill thread
Delete file
Delete registry
Delete scheduled tasks
Delete services
Delete WMI persistence

Not Supported on Windows ARM64

The following response action is not supported on Windows ARM64 at this time:

Full Memory Dump

All other Windows response actions listed above are supported and available for use on ARM64 systems.

Important note on ARM64 Channel Subscription

If you encounter issues after subscribing an endpoint to the ARM64 channel, a restart of the client may be required to ensure that the updated components and response capabilities are fully activated.