Administrator Guide

review threats found by Execution Control. These were convicted when a user attempted to execute an application and need
more urgent attention than dormant files convicted by Background Threat Detection or File Watcher.
The information for the model comparison comes from the database, not your devices, so no re-analysis is done for the
comparison. However, when a new model is available and the proper Agent is installed, your organization is re-analyzed
and any model changes are applied.
Refer to AdminHelp for more information.
View Web Protection and Firewall Events
Threats are categorized as Malware/Exploit, Web Filter, Firewall, or Uncategorized events. The list of threat events can be
sorted by any of the column headers. You can view threat events for the entire enterprise or for a specific endpoint. To view
threat events of a specific endpoint, from the Enterprise Threat Events tab, select the device in the Device ID column.
To view threat events in the enterprise, follow these steps:
1. In the left pane, click Populations > Enterprise.
2. Click the Threat Events tab.
3. Select the desired severity level and time period for which to display events.
To view threats on a specific endpoint, follow these steps:
1. In the left pane, click Populations > Endpoints.
2. Search for or select a hostname, then click the Threat Events tab.
Manage a Threat
You can Quarantine, Safe List, Waive, and Export threats.
Perform the following actions at the Enterprise level:
Export a threat or script that has triggered an alert
Quarantine a threat
Safe List a threat
Manually edit the Global List
To manage a threat identified at the Enterprise level:
1. In the left pane, click Populations > Enterprise.
2. Select the Advanced Threats tab.
3. Select Protection.
From the Script Control Table, you can Export a script that is listed in the table as a potential threat.
Manage Enterprise Advanced Threats
The Protection tab provides information about files and scripts that are potentially harmful.
Threats Table
From the Threats table, you can Export, Quarantine, or Safe List a threat. You can also manually add a threat to the Global
Quarantine List.
The table lists all events found across the organization. An event may also be a threat but is not necessarily so.
View additional information about a specific threat either by clicking on the threat name link to view the details displayed on a
new page or by clicking anywhere in the row of the threat to view details at the bottom of the page.
To view additional threat information in the table, click the drop-down arrow on a column header to select and add columns.
Columns display metadata about the file, such as Classifications, Cylance Score (confidence level), AV Industry conviction (links
to VirusTotal.com for comparison with other vendors), Date first found, SHA256, MD5, File information (author, description,
version) and Signature details.
Commands
Export - Export threat data to a CSV file. Select the rows to export, and then click Export.
Global Quarantine - Add a file to the global quarantine list. The threat is permanently quarantined from all devices.
Safe - Add a file to the safe list. The file is permanently treated as safe across all devices.
NOTE:
Occasionally, a "good" file may be reported as unsafe (this could happen if the features of that file strongly
resemble those of malicious files). Waiving or safelisting the file can be useful in these instances.
Edit Global List - Add or remove files from the global quarantine list.
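As an added example (not part of this guide or the product), the following Python script orders the rows of a threat Export CSV so that Execution Control convictions are reviewed before dormant files found by Background Threat Detection or File Watcher. The column names File Name, SHA256, Detected By and Device, and the sample rows, are assumptions constructed for illustration; match them to the headers in your own export.

```python
import csv
import io

# Detection sources named in the guide, most urgent first. Execution Control
# convictions mean a user tried to run the file; the other two flag dormant files.
PRIORITY = {"Execution Control": 0, "Background Threat Detection": 1, "File Watcher": 1}
UNKNOWN_RANK = 2  # any other source value sorts after the known ones

# Constructed sample export. Column names and values are assumptions,
# not the product's actual CSV schema.
SAMPLE_EXPORT = """File Name,SHA256,Detected By,Device
invoice.exe,aaaa1111,File Watcher,HOST-01
invoice.exe,AAAA1111,Execution Control,HOST-02
setup_tool.exe,bbbb2222,Background Threat Detection,HOST-03
updater.exe,cccc3333,Execution Control,HOST-01
setup_tool.exe,bbbb2222,File Watcher,HOST-04
setup_tool.exe,bbbb2222,Background Threat Detection,HOST-05
broken_row.exe,,File Watcher,HOST-06
"""


def triage(csv_text):
    """Collapse export rows to one entry per SHA256 and order them for review."""
    by_hash = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        sha = (row.get("SHA256") or "").strip().lower()
        if not sha:
            continue  # a row without a hash cannot be quarantined or safe listed
        source = (row.get("Detected By") or "").strip()
        rank = PRIORITY.get(source, UNKNOWN_RANK)
        entry = by_hash.setdefault(sha, {
            "sha256": sha,
            "file": (row.get("File Name") or "").strip(),
            "rank": rank,
            "source": source,
            "devices": set(),
        })
        if rank < entry["rank"]:
            # Keep the most urgent source seen for this file on any device.
            entry["rank"], entry["source"] = rank, source
        entry["devices"].add((row.get("Device") or "").strip())
    # Attempted executions first, then files present on the most devices.
    return sorted(by_hash.values(),
                  key=lambda e: (e["rank"], -len(e["devices"]), e["sha256"]))


if __name__ == "__main__":
    for e in triage(SAMPLE_EXPORT):
        print(f'{e["source"]:<28} {len(e["devices"])} device(s)  {e["file"]}  {e["sha256"]}')
```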