Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
343
Views
0
Helpful
1
Replies

infected file originated from

Go to solution
joshuaer
Level 1
Level 1

‎12-14-2022 08:22 AM

Hello,

When investigating a threat detected, is there a way to see how the infected file got on the machine? Is secure endpoint able to track it from a website, email, USB, etc?

Thanks

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ken Stieers
VIP
VIP

‎12-14-2022 09:08 AM

If you look at the machine trajectory, and trace back the file in question, you can see what process dropped the file on the disk.
>From that you can deduce web site/email, etc.
If you have ESA/WSA in place and they're using AMP, they can be connected to AMP cloud and SecureX Threat Response and you'll see the file as sightings there as well.


View solution in original post

0 Helpful
1 Reply 1

Go to solution
Ken Stieers
VIP
VIP

‎12-14-2022 09:08 AM

If you look at the machine trajectory, and trace back the file in question, you can see what process dropped the file on the disk.
>From that you can deduce web site/email, etc.
If you have ESA/WSA in place and they're using AMP, they can be connected to AMP cloud and SecureX Threat Response and you'll see the file as sightings there as well.


0 Helpful
Customers Also Viewed These Support Documents