Threats Resolve Options (marking suspicious activity as benign or as a threat)
03/26/2020 17 7254
This Article Explains about threat Resolve Options (marking suspicious activity as benign or as a threat based on content of the file)
If capture client on endpoint says threat detected and you want to take more action based on content of the file, login to https://captureclient.sonicwall.com and navigate to Analytics>Threats and choose the file for which you wants to take action.
Click on the file you want to take actions> click on Threat Actions and select options available based on content of the file.
Mark as resolved - Remove the threat from the Dashboard.
Mark as benign - For false positives. The Management Server adds the item to the whitelist, marks the threat as resolved, and removes it from the Dashboard view.
- Mark as Threat - The Management Server adds the item to the blacklist. If this threat is installed on an endpoint, the Agent blocks it immediately.
You can click on VirusTotal Google hyper links available next to SHA1 Hash value in summary section of the file, if you want to read more about the file before taking actions.