Acting on Intrusion prevention detections

Article ID: 184831

Products

Endpoint Protection

Issue/Introduction

A client detects a file as malicious. This article describes the next steps to take.

Environment

SEP 15

Resolution

If a device detects a file that generates malicious traffic, it appears on the My Tasks tab for 90 days for you to handle. Endpoint Security lets you decide whether you want to take action on the traffic. If you don't blacklist the file, Endpoint Security continues to block the traffic, but the file remains on the device. Therefore, the task is considered unresolved. However, do not blacklist the source if you think that it is safe.

Table: Options to handle a file that generates malicious traffic

| Option | Description |
| --- | --- |
| Recommended Actions | Lists the action you can take on the suspicious source of malicious traffic. You must select an option for Endpoint Security to take action. |
| Impact | Provides information on the scope and range of devices that report a malicious source. A source that is detected as suspicious on many devices may indicate a larger issue. |
| Associated Artifacts | Select an item from the list to get information about it, and whether or not you should blacklist or ignore the source. For example, if the source is relevant to an internal application that your company uses, you do not want to blacklist it. |
| Recent Events | Lists other recent events and the resulting action taken, if any. |