Description of Incident Status in SandBlast Agent Forensics

Discussion created by Dameon Welch-Abernathy (Employee) on May 1, 2017

Active:

Malicious process was executed and the system was infected. Termination and quarantine of the process or other elements of the attack is disabled in policy or failed.

 

Cleaned:

Malicious process was executed and the system was infected. Termination and quarantine of all attack elements succeeded. 

The system still might be damaged.

 

Dormant:

No malicious process was executed, but the system was infected. Quarantine of one of the detected files failed.

 

Blocked:

No malicious process was executed. Quarantine of all detected files succeeded.

There was no damage because the attack was immediately blocked and the system was not infected.

 

Note that in the Forensics report, you may see "Active" as the status when this is not the current status.

This is a known limitation that is expected to be addressed in a future release.
