Reference Guide
Navigate the Dell Server
86
Refresh the data.
Endpoint Advanced Threats
This page allows you to view, export, quarantine, or waive unsafe files that trigger events on the
selected endpoint.
An event is not necessarily a threat. An event is generated when a recognized file or program is
quarantined, safe listed, or waived. Threats are a category of events that are newly detected as
potentially unsafe files or programs and require guided remediation.
1. In the left pane, click Populations > Endpoints.
2. Search or select a hostname, then the Advanced Events tab.
List of Events
The list presents all files that have triggered events found on this device.
Columns
Icon - An icon displays in this column, when available.
Name - File triggering the event.
File Paths - The location of the file on the device.
Cylance Score - A score is assigned to each file that is deemed Abnormal or Unsafe. The score
represents the confidence level that the file is malware. The higher the number, the greater the
confidence.
Status - Indicates whether the file has been quarantined or waived.
Classification - Classification of the threat: High, Medium, or Low. For details, see Advanced
Threat Protection Classifications.
First Found - Date/timestamp that the file was first found.
Running - Indicates whether the file that triggered the event is running or not.
Auto Run - Indicates whether the file was set to automatically run upon startup.
Detected By - Indicates whether the file was detected by Execution Control or by Memory
Protection.
Configure the Threat List
Add or Remove Columns
Click an arrow next to any column header and select Columns to add columns to, or remove columns from, the
table.
Filter on Column Data
To filter the list based on column data, click the down-arrow on any column to display the context menu, and
select Filter.
The filter options vary, depending on the type of data in the column. For example, you may want to filter the list
so that it shows only high priority threats.
Group by a Column