The endpoint incident detail only shows the match in the file.  How can I get the original file?

RELEVANT VERSIONS:  ALL

Endpoint file retention is accomplished by creating an automated response rule as follows:

• Add a new Automated response rule:
  • Click Response Rule
  • Click the Add a New Response Rule tab
  • Select Automated Response and click Next
  • Name the Response Rule and provide a description
• In the action drop down, choose All: Limit Incident Data Retention, then click Add Action
• Tick the box "Retain Original File" for the Endpoint and Save the rule

NOTE:  Enabling retention of the original files on the Endpoint will increase the network bandwidth consumption. This is the main reason this feature is turned off by default.