07-15-2020 10:24 AM
We have enabled the Script process protection feature in our environment; however, we don't see any filter for this feature under the "Events" tab. How can we filter or find the Script process protection alerts on the AMP console for our machines?
07-15-2020 10:57 AM
It is listed under System Process Protection.
Thanks,
Matt
07-15-2020 11:19 AM - edited 07-15-2020 11:20 AM
Thanks Matt for the response!!
We see only "System process protection" and not "Script process protection". In case it's a subset of the "System process protection" feature, how do we see a particular alert for "Script process protection"? Please guide me here.
07-15-2020 12:02 PM
Sorry for the confusion, I misread your post. The Script Protection events will be under Threat Detected or Quarantine events; they are not listed separately at this time.
Thanks,
Matt
07-19-2020 11:13 PM
Hello @pavankumar.kakarla,
As @Matthew Franks already explained, today Script Protection is focusing on Scanning Files provided by Microsoft AMSI. Therefore it is shown as a File Detection Event. This is the actual Product Design of the Engine.
This may change in future releases of the engine.
Greetings,
Thorsten