03-16-2019 10:15 PM - edited 02-20-2020 09:08 PM
Hi Sir:
Could you help me confirm whether AMP4Endpoint detects the events in the scenario below?
When a client clicks a malicious website and downloads the malware, the malware will try to compromise the other computers on the same subnet. What kind of events will AMP4Endpoint record? Only the events inside one computer, or also the events of one PC compromising the others?
03-19-2019 07:46 AM
Hi Peter,
If the attachment on the website is malicious, AMP will quarantine it immediately after download (and, for example, if it goes through an FTD that is integrated with AMP, there will be a connection reset before the download happens).
In such a case it should NOT spread across other PCs, while it will be quarantined on the first endpoint. Example of the event in the AMP console:
Hope that helps,
Wojciech