Threats Resolve Options (marking suspicious activity as benign or as a threat)

Description

This Article Explains about threat Resolve Options (marking suspicious activity as benign or as a threat based on content of the file)

Resolution

If capture client on endpoint says threat detected and you want to take more action based on content of the file, login to https://captureclient.sonicwall.com and navigate to Analytics>Threats and choose the file for which you wants to take action.

 

ImageClick on the file you want to take actions> click on Threat Actions and select options available based on content of the file.

Image

  • Mark as resolved - Remove the threat from the Dashboard.

  • Mark as benign - For false positives. The Management Server adds the item to the whitelist, marks the threat as resolved, and removes it from the Dashboard view.

  • Mark as Threat - The Management Server adds the item to the blacklist. If this threat is installed on an endpoint, the Agent blocks it immediately.

    • You can click on VirusTotal Google hyper links available next to SHA1 Hash value in summary section of the file, if you want to read more about the file before taking actions.

     

     

     

     

Related Articles

  • Capture Client - System Requirements
    Read More
  • Capture Client – Migrate local CMC user login to MySonicWall account login
    Read More
  • Integration of CFS 5.0 Support in Capture Client
    Read More

Categories

Endpoint Security
Capture Client
Settings
not finding your answers?
Ask the Community