Administrator Guide
| Label | Severity | Detail |
| --- | --- | --- |
| MemoryViolationTerminated | Warning | Indicates that an executable or script was found to be actively running and in violation of the Memory Protection or Script Control policy. The executable or script was subsequently terminated. Typically this means the corresponding Memory Protection or Script Control policy was set to Terminate. |
| MemoryViolation | Warning | Indicates that an executable or script was found that was in violation of the Memory Protection or Script Control policy. No action was taken against the executable or script, likely because the policy was set to Allow. |
| ThreatRemoved | Information | Indicates that a previously flagged Portable Executable (PE) that was considered to be a threat was removed from the endpoint. This could indicate that the PE was removed from quarantine or removed from the initial location. This is common with PEs that were initially detected on removable media (USB, CD-ROM, etc.). |
| ThreatQuarantined | Information | Indicates that a Portable Executable (PE) was determined to be a potential threat and was successfully placed in quarantine. This indicates that the policy to Automatically Quarantine threats based on its classification of Abnormal (Cylance Score of 0 – 60) or Unsafe (Cylance Score of 60 – 100) is enabled. |
| ThreatWaived | Information | Indicates that a Portable Executable (PE) that was determined to be a potential threat has been Waived based on the Global SafeList or by a local Waive. This could also indicate that the SHA256 hash has been added to the “Waive” or “Global Safe List” policies within the Dell Security Management Server. |
| ThreatChanged | Information | Denotes that a Portable Executable’s (PE) Cylance score has changed. This typically happens because of the two-step scoring done by Cylance: the local scoring engine’s analysis of the threat may not have matched the Cylance cloud engine’s analysis. In these instances, because the Cylance cloud engine has additional data, the score derived by the Cylance cloud engine is used. This may also indicate that an update to Cylance has initiated a re-analysis of files that were previously deemed threats, and a new score was calculated that resolved this PE to no longer be considered a threat. |
| ProtectionStatusChanged | Information | Denotes that an endpoint has had any protection status changed. This is triggered when the Dell Encryption Management Agent reconnects to the Cylance services through the Cylance Plugins. This is commonly triggered when an endpoint has rebooted, as there is a small period where the CSF may not have connected to the Cylance Plugins during boot. |

Click a notification for more details. The summary includes links to additional threat or event detail.
The Advanced Threats tab
The Advanced Threats tab provides a dynamic display of detailed event information for the entire enterprise, including a list of
the devices on which events occurred and any actions taken on those devices for those events.
To access the Enterprise Advanced Threats Tab, follow these steps:
1. In the left pane, click Populations > Enterprise.
2. Select the Advanced Threats tab.
Information about events, devices, and actions is organized on the following tabs:
● Protection - Lists potentially harmful files and scripts and details about them, including the devices on which the files and
scripts are found.