Multiple downloads of a malicious file are only recorded as a single event on the Advanced Threat Protection platform

book

Article ID: 170399

calendar_today

Updated On:

Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

When testing the Advanced Threat Protection software, you download an Insight or malware test file multiple times to test network detection. When you review the Events, you only see one or two events for the download.

Resolution

This is expected behavior for the Advanced Threat Protection platform. There is no gap in detection, the Event is simply only reported once.