topic Re: Custom Detection in Endpoint Security

Custom Detection

Diego Leitao — Fri, 21 Feb 2020 05:09:50 GMT

Hello!

I would like to know why when I use a custom detection to quarantine a file, that file won't go to the quarantine folder and doesn't show me that the file was quarantined.

Even when I try to open the file again, the AMP shows me "not quarantined"

So, is it possible to quarantine a file using Audit policy for instance?

Because looks like is not.

Re: Custom Detection

Ken Stieers — Mon, 15 Jul 2019 17:00:59 GMT

Did you add the Custom Detection to the policy under Management/Policies??

You create it under Outbreak Control, but it has to be added to the policies.

Re: Custom Detection

Diego Leitao — Mon, 15 Jul 2019 17:58:09 GMT

Hi,

Yeah, I did it but didn't work in that time.

But I think it's another problem.

I'm facing today a problem of delay on AMP.

Some events were reported later. So I think that the manual quarantine didn't work because of that, maybe the event will be reported later.

Anyway, thanks for your help

Re: Custom Detection

Matthew Franks — Mon, 15 Jul 2019 19:07:11 GMT

You mentioned using an Audit Policy. The file won't be quarantined if you're using an Audit policy, you will just get a notification that it would have been quarantined if the policy was set up to do so.

Re: Custom Detection

Diego Leitao — Mon, 15 Jul 2019 19:29:51 GMT

So, is it not possible to manual quarantine a file if you are using an Audit policy?

I know that automatic quarantine in a Auditi policy doesn't work, but I thought that you could do that manually.