ATP Platform shows multiple events for a single email with multiple malware detections.
ATP Platform
Email Security.cloud correlation enabled
Behavior by design.
To correlate Email Security.cloud events with other events, ATP Platform has to translate them so that a separate event is generated for each piece of malware detected by the Anti-malware service of Email Security.cloud, even when multiple detections occur within a single email attachment. In contrast, the Email Track and Trace tool in the Email Security.cloud customer portal is geared more towards identifying that a malware detection occurred and whether a mail message was blocked because of the malware or spam detection.
Use as is.