I recently ran across some exploit kit modules designed to stymie incident responders by attacking endpoint security agents (Splunk included) and wanted to know if I could hide the Splunk service on my endpoints. The modules do simple string searches for service names so renaming the Splunk Forwarder service to something innocuous would do the trick. Does anyone know how to do this on Windows and Linux hosts without breaking Splunk?