Bill Lyons

Questions about Unhandled Threats & Resolved Threats


Hello!

Please bear with me as this is my first post on these forums.

I have some questions about ESMC v7 and its displaying of Unhandled Threats and dealing with "Resolved" threats.

 

So for the Unhandled Threats I have set up a Dynamic Group that's using the following expression:

 

 
Active threats . Threat handled = no (I also attached a screenshot as well)
 
This should, the way I understand it, show any Threats that are outstanding that have not had any "action" done to them, correct? By action I mean clean, delete, block, etc.
 
The reason I ask this is that I see that if I look at my threats tab I have several more devices listed there with threats that have no Action done to them and are unresolved that do not show up in my Unhandled Threats group.
 
 
As for the "Resolved" Threats question - I read that in v7 it should be possible to have the system auto resolve and clear out the threat listing by performing a scan? Is this correct? If so what type of scans qualify for this? Has anyone successfully automated this to clear out the low hanging fruit leaving only the issues that need actual attention left in the Threats tab?
 
Any advice you guys and gals can provide would be greatly appreciated.
 
 

ESETDynamicGroupExpression.PNG


I'd start off by asking you about what active / unhandled threats you have. The thing is that in a managed environment the security product handles even potentially unsafe or unwanted applications as though in strict cleaning mode, i.e. fully automatically.


Marcos,

 

Here are a few of them:

 

Type: (no type given) | Cause: Suspicious | Object: file:///C:/Windows/system32/en-US/IEFRAME.dll.mui

Type: trojan | Cause: HTML/ScrInject.B | Object: file:///C:/Documents and Settings/[USERNAME REMOVED]/AppData/Local/Microsoft/Windows/Temporary Internet Files/Content.IE5/MFSTZ8NF/7b973e50[1]

Type: potentially unwanted application | Cause: OSX/CleanMyMac.A | Object: file:///G:/$RECYCLE.BIN/S-1-5-21-2973374289-3595491005-59360181-23882/$RFW5CJ5.dmg/4.hfs
