Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
CSA detects (based on the rules you have in place) suspicious behavior that a worm would produce when it was trying to execute on a machine. It queries the user (if user interaction is enabled) whether they will allow it. The Global Event correlation (if you have it enabled) will notify other machines and prevent the spread of the worm even if it successfully executes. CSA knows about the virus scanner (if you have it configured) and allows it to perform as needed but it is not dependant on it for protection.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.