New detection

The Endpoint Protection with EDR and Threat Intelligence powered by Crowdstrike uses its endpoint sensor/agent/installer to detect ransomware/malware behaviors and then terminates the offending process before it can accomplish its goal of encrypting files.

This is done using CrowdStrike Indicator of Attack (IoA) patterns on the endpoint. These work both online and offline and are effective against new variants and polymorphic variants of ransomware that often bypass legacy antivirus. 

From this New Detection reporting, you get to see in detail the new detection of the activities and tactics, techniques, and procedures (TTP) that are identified as malicious and produce an alarm. This report delivers contextualized information that includes attribution where relevant, providing details on the adversary and any other information known about the attack. 

The report is also available in other views in your dashboard:- 

• Most recent detection.
• Prevented malware by user and host.
• Detections by tactics.
• SHA-Based detection.

To see all detections of your environment, in your ArmourZero platform;

Step 1 - Open "View detection".

Navigate:

Activity > New Detection > View all.

Step 2 - Click on new detection.

Click on the new detection and you will get to see a list of all detection recently identified as malicious to your environment. 

Step 3 - View the list of detections and check the status.

Step 4 - Click "View"

Click on View to expand the detection for additional details. From here, a further details execution report will be open. The additional details will be shown on your screen for your reference. 

Even though there is no action is required from your end, it is still good to understand to know the true meaning of those terms in the detection verification status:-