infected file originated from

joshuaer
Level 1

Hello,

When investigating a threat detected, is there a way to see how the infected file got on the machine? Is Secure Endpoint able to track it from a website, email, USB, etc?

Thanks

Accepted Solutions

If you look at the machine trajectory, and trace back the file in question, you can see what process dropped the file on the disk.
From that you can deduce web site/email, etc.
If you have ESA/WSA in place and they're using AMP, they can be connected to AMP cloud and SecureX Threat Response and you'll see the file as sightings there as well.
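
The trace-back described in the accepted answer, sketched as an added example (not part of the original post and not Cisco's code): it finds the first process that wrote the detected file and walks up the parent chain until it reaches a browser or mail client. The event fields, the sample events and the process-to-vector table are constructed assumptions, not the Secure Endpoint trajectory format.

```python
"""Trace a detected file back to the process that wrote it, then up the parent chain."""

# Constructed sample events. The field names are assumptions for this example,
# not the Secure Endpoint trajectory export format.
EVENTS = [
    {"ts": 100, "type": "process_start", "pid": 500, "ppid": 4, "image": "explorer.exe"},
    {"ts": 110, "type": "process_start", "pid": 812, "ppid": 500, "image": "OUTLOOK.EXE"},
    {"ts": 120, "type": "file_create", "pid": 812, "path": "invoice.docm", "sha256": "constructed-hash-1"},
    {"ts": 130, "type": "process_start", "pid": 940, "ppid": 812, "image": "WINWORD.EXE"},
    {"ts": 140, "type": "file_create", "pid": 940, "path": "update.exe", "sha256": "constructed-hash-2"},
    {"ts": 300, "type": "process_start", "pid": 940, "ppid": 500, "image": "notepad.exe"},  # PID reused later
]

# Processes that normally bring content onto the host, mapped to a delivery vector (assumed table).
INGRESS = {"chrome.exe": "web", "msedge.exe": "web", "firefox.exe": "web", "outlook.exe": "email"}


def process_at(events, pid, ts):
    """Return the process_start for pid that was current at time ts (handles PID reuse)."""
    starts = [e for e in events
              if e["type"] == "process_start" and e["pid"] == pid and e["ts"] <= ts]
    return max(starts, key=lambda e: e["ts"]) if starts else None


def trace_origin(events, sha256):
    """Return (vector, chain); chain lists process images from the dropper upward."""
    creates = [e for e in events if e["type"] == "file_create" and e["sha256"] == sha256]
    if not creates:
        return "unknown", []  # no write recorded, e.g. the file predates the log
    first = min(creates, key=lambda e: e["ts"])
    chain, pid, ts = [], first["pid"], first["ts"]
    for _ in range(len(events)):  # bound the walk; ancestry cannot be longer than the log
        proc = process_at(events, pid, ts)
        if proc is None:
            break  # ancestry runs out before an ingress process is reached
        image = proc["image"].lower()
        chain.append(image)
        if image in INGRESS:
            return INGRESS[image], chain
        pid, ts = proc["ppid"], proc["ts"]
    return "unknown", chain


if __name__ == "__main__":
    print(trace_origin(EVENTS, "constructed-hash-2"))
```

An "unknown" result with a non-empty chain still gives the analyst the dropping process to pivot on.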

