PhoneBoy
Admin

Description of Incident Status in SandBlast Agent Forensics

Active:

Malicious process was executed and the system was infected. Termination and quarantine of the process or other elements of the attack is disabled in policy or failed.

Cleaned:

Malicious process was executed and the system was infected. Termination and quarantine of all attack elements succeeded. 

The system still might be damaged.

Dormant:

No malicious process was executed, but the system was infected. Quarantine of one of the detected files failed.

Blocked:

No malicious process was executed. Quarantine of all detected files succeeded.

There was no damage because the attack was immediately blocked and the system was not infected.

Note that in the Forensics report, you may see "Active" as the status when this is not the current status.

This is a known limitation that is expected to be addressed in a future release.
