freeman91
Participant

Harmony Endpoint - Malicious files attacks, (Active and Dormant)

Hi,

I need some advice: what is the best practice for getting rid of Active and Dormant logs (files)?
Is it possible to remove them?
For example, one of the Active attacks is a file named add209cc-0fb9-4a38-9450-ee66a961af49.tmp

Protection Name: Gen.Rep.
Protection Type: Offline Reputation
File Type: tmp
 

And what does the following under Forensics Details mean?

Remediated Files: svchost.exe(Termination disabled in policy), {add209cc-0fb9-4a38-9450-ee66a961af49}.tmp(Deleted before)

Should I enable it?
 
2 Replies
CheckBoy
Explorer

I have the same question. How can an Active Attack be acknowledged in Cloud Endpoint? Is it possible?

0 Kudos
BrianG
Explorer

Same question, I ran a forensic analysis on a file to see more information about it, but it created an active attack and I do not see any way to dismiss it.

0 Kudos
