Reference Guide

Security Management Server Virtual - AdminHelp v9.8
Quarantine
Click Quarantine to add the file to the Quarantine list.
Quarantining a file will prevent the file from being executed on this device.
Note: Quarantining a file will move the file from its original location to the Quarantine directory
(C:\ProgramData\Cylance\Desktop\q).
Waive
Click Waive to allow the file to run on this device.
Note: Occasionally, a “good” file could be quarantined or reported. This could happen if the features of that
file strongly resemble those of malicious files. Waiving or globally safe listing the file can be useful in these
instances.
Exploit Attempts
This section lists detected attempts to exploit running processes, as well as malware that executes from
within memory space.
A number displays the total number of events, followed by the number in each subcategory.
Checkbox - Select all events by selecting the check box in the column heading row, or select individual
events. When you click a box, Quarantine and Waive are activated.
Added - Date and time when the exploit attempt was added.
Process Name - Name of the process identified as an exploit attempt.
Process ID - Unique number associated with the exploit attempt.
Type - Type of memory exploit: Exploitation, Process Injection, Escalation.
Action - Action taken to protect the system from the exploit attempt:
  Ignore - The agent will not take any action against identified memory violations.
  Alert - The agent will record the violation and list the incident on this page.
  Block - If an application attempts to call a memory violation process, the agent will block the process call. The application that made the call is allowed to continue to run.
  Terminate - If an application attempts to call a memory violation process, the agent will block the process call and will also terminate the application that made the call.
User Name - Name of the user who was logged in when the exploit attempt was identified.
Endpoint Advanced Threat Events
The Advanced Threat Events tab displays if the Advanced Threat Prevention service is provisioned and
Advanced Threat Prevention is enabled on the endpoint.
The tab displays information about events for the endpoint based on information available in the Security
Management Server.
To access the Enterprise Advanced Threats tab, follow these steps:
1. In the left pane, click Populations > Endpoints.
2. Search for or select a Hostname, then click the Advanced Threat Events tab.