topic Re: Harmony Endpoint - Malicious files attacks, (Active and Dormant) in Endpoint

Harmony Endpoint - Malicious files attacks, (Active and Dormant)

freeman91 — Sat, 06 Apr 2024 17:17:41 GMT

Hi,

I need an advice, what is the best practice how to get rid of Active and Dormant logs (files)?
Is it possible to remove them?
For example, one of the Active attack is file named add209cc-0fb9-4a38-9450-ee66a961af49.tmp

Protection Name: Gen.Rep.

Protection Type: Offline Reputation

File Type: tmp

And, what under Forensics Details ->

Remediated Files: svchost.exe(Termination disabled in policy), {add209cc-0fb9-4a38-9450-ee66a961af49}.tmp(Deleted before) mean? Shoul I enable it?

Re: Harmony Endpoint - Malicious files attacks, (Active and Dormant)

CheckBoy — Thu, 25 Apr 2024 07:29:05 GMT

have the same question. How can an Active Attack be acknowledged in Cloud Endpoint? Is it possible?

Re: Harmony Endpoint - Malicious files attacks, (Active and Dormant)

BrianG — Wed, 31 Jul 2024 17:09:31 GMT

Same question, I ran a forensic analysis on a file to see more information about it, but it created an active attack and I do not see any way to dismiss it.