I recently ran a LM simulation, which i manually stopped from the console because of time. Now, a week later, my EDR is still alerting me on memory or registry access attempts from the hopper. I checked the computer only to realize there is a CYM_hopper service running in the windows services, so it appears that the LM didn’t cleanup itself properly when terminated.
Is there a way from Cymulate portal to clean up or does this have to be manually done at each affected computer?
