I am currently getting alerts when a threat is detected on a computer. However, it isn’t telling me if that threat was blocked or quarantined. Is there a way to get an alert that would tell me if a piece of malware was blocked, allowed or quarantined? Thanks.
@jmock ,
As of the moment, this specific functionality is still being developed. The planned release of this functionality is set for 2018Q3. We’ll send you an email notification for any updates.
Can you try this option to see if it suffices for your needs?
All threats are automatically contained if you are using containment.
@jmock ,
There is more than one case here.
A threat can be detected by the AV engine (default action is Quarantine), by the Lookup service (default action is Quarantine), by HIPS (default action is Block) or by Containment (default action is Quarantine).
We suggest browsing Quarantine for the mentioned file and checking whether it is quarantined or not.
The team is working on functionality to easily find a file regardless of whether it has been Quarantined, Contained or Blocked.
@jmock ,
We have different types of notifications:
On a device:
- Alert. CCS shows an alert if the corresponding setting is set in the profile. The end user can choose what action should be applied to the detected malware (AV alert).
- Notification. CCS shows an alert if the corresponding setting is set in the profile. It shows that the item was detected for the first time on a device. The default action is applied in this case.
Email notification from portal:
- The ITSM portal sends an email alert if malware was detected but wasn’t quarantined for some reason (access is denied, the user didn’t choose an action on the alert on the device, etc.).