Acting on Intrusion prevention detections


Article ID: 184831




Endpoint Protection


What to do next when a client detects a file as malicious


SEP 15


If a device detects a file that generates malicious traffic, it appears on the My Tasks tab for 90 days for you to handle. Endpoint Security lets you decide whether you want to take action on the traffic. If you don't blacklist the file, Endpoint Security continues to block the traffic, but the file remains on the device. Therefore, the task is considered unresolved. However, do not blacklist the source if you think that it is safe.

Table: Options to handle a file that generates malicious traffic



Recommended Actions

Lists the action you can take on the suspicious source of malicious traffic. You must select an option for Endpoint Security to take action.


Provides information on the scope and range of devices that report a malicious source. A source that is detected as suspicious on many devices may indicate a larger issue.

Associated Artifacts

Select an item from the list to get information about it, including whether you should blacklist or ignore the source. For example, if the source is relevant to an internal application that your company uses, you do not want to blacklist it.

Recent Events

Lists other recent events and the resulting action taken, if any.