- When a Malware Service is disabled, analytics will generate the following alert text and augment with TTP MALWARE_SERVICE_DISABLED:
  The known virus ‘x’ was detected and associated with the service ‘y’ configured to launch as ‘z’. A Disable Service Policy Action was applied.
- When a Malware Service is found but not disabled, analytics will generate the following alert text and augment with TTP MALWARE_SERVICE_FOUND:
  The suspected virus ‘x’ was detected and associated with the service ‘y’ configured to launch as ‘z’.
NOTE: Where x = malware name, y = service name, z = launch mode
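
For triage, the two alert texts above can be parsed back into their x, y and z fields so that services reported as found but not disabled are queued for follow-up. The following is an added example, not code from the product: the function names, the returned field names and the sample alerts are assumptions made for illustration.

```python
import re

# Either quote style is accepted: the page prints curly quotes, exports may not.
Q_OPEN, Q_CLOSE = "[‘'\"]", "[’'\"]"
ALERT_RE = re.compile(
    rf"The (?P<kind>known|suspected) virus {Q_OPEN}(?P<malware>.+?){Q_CLOSE} "
    rf"was detected and associated with the service {Q_OPEN}(?P<service>.+?){Q_CLOSE} "
    rf"configured to launch as {Q_OPEN}(?P<launch_mode>.+?){Q_CLOSE}\."
    rf"(?P<action> A Disable Service Policy Action was applied\.)?$"
)

def parse_alert(text):
    """Return the alert's fields and TTP, or None if it matches neither template."""
    m = ALERT_RE.match(text.strip())
    if m is None:
        return None
    disabled = m.group("action") is not None
    # The page pairs "known" with the disable action and "suspected" with none;
    # any other combination is not one of the two documented templates.
    if disabled != (m.group("kind") == "known"):
        return None
    return {
        "ttp": "MALWARE_SERVICE_DISABLED" if disabled else "MALWARE_SERVICE_FOUND",
        "malware": m.group("malware"),
        "service": m.group("service"),
        "launch_mode": m.group("launch_mode"),
    }

def still_enabled(alert_texts):
    """Services reported as found but not disabled: these need manual follow-up."""
    parsed = (parse_alert(t) for t in alert_texts)
    return [p for p in parsed if p and p["ttp"] == "MALWARE_SERVICE_FOUND"]

# Constructed sample alerts (malware names, services and launch modes are invented).
SAMPLE_ALERTS = [
    "The known virus ‘Constructed.Sample.A’ was detected and associated with the service "
    "‘ExampleSvc1’ configured to launch as ‘Automatic’. A Disable Service Policy Action was applied.",
    "The suspected virus ‘Constructed.Sample.B’ was detected and associated with the service "
    "‘ExampleSvc2’ configured to launch as ‘Manual’.",
    # Straight quotes and an apostrophe inside the service name.
    "The suspected virus 'Constructed.Sample.C' was detected and associated with the service "
    "'Bob's Updater' configured to launch as 'Automatic'.",
    "Service scan completed.",  # unrelated line, ignored
]

if __name__ == "__main__":
    for p in still_enabled(SAMPLE_ALERTS):
        print(f"follow up: {p['service']} ({p['launch_mode']}) flagged as {p['malware']}")
```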