ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Multiple downloads of a malicious file are only recorded as a single event on the Advanced Threat Protection platform
Article ID: 170399
Endpoint Detection and ResponseAdvanced Threat Protection Platform
When testing the Advanced Threat Protection software, you download an Insight or malware test file multiple times to test network detection. When you review the Events, you only see one or two events for the download.
This is expected behavior for the Advanced Threat Protection platform. There is no gap in detection, the Event is simply only reported once.