This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
PhoneBoy
Admin
Admin
‎2017-05-01 02:41 PM

Description of Incident Status in SandBlast Agent Forensics

Active:

Malicious process was executed and the system was infected. Termination and quarantine of the process or other elements of the attack is disabled in policy or failed.

Cleaned:

Malicious process was executed and the system was infected. Termination and quarantine of all attack elements succeeded. 

The system still might be damaged.

Dormant:

No malicious process was executed, but the system was infected. Quarantine of one of the detected files failed.

Blocked:

No malicious process was executed. Quarantine of all detected files succeeded.

There was no damage because the attack was immediately blocked and the system was not infected.

Note that in the Forensics report, you may see "Active" as the status when this is not the current status.

This is a known limitation that is expected to be addressed in a future release.

(1)
Who rated this post