- At this point, your end-users should have already installed the sensor/agent/installer to their computer/pc/laptop and it is successfully running. If they haven't, this article might have the information on step by step guide on how to self-install the sensor/agent/installer package to their computer/pc/laptop.
- The Endpoint Protection with EDR and Threat Intelligence powered by Crowdstrike will automatically facilitate remediation and response to any detection of threats to your environment.
The Endpoint Protection with EDR and Threat Intelligence powered by Crowdstrike uses its endpoint sensor/agent/installer to detect ransomware/malware behaviors and then terminates the offending process before it can accomplish its goal of encrypting files.
This is done using CrowdStrike Indicator of Attack (IoA) patterns on the endpoint. These work both online and offline and are effective against new variants and polymorphic variants of ransomware that often bypass legacy antivirus.
The report is also available in other views in your dashboard:-
SHA is the acronym for Secure Hash Algorithm, used for hashing data and certificate files. Every piece of data produces a unique hash that is thoroughly non-duplicable by any other piece of data.
View SHA-Based Detections
Activity > SHA-Based Detections.
Step 1 - Open "SHA-Based Detections"
Step 2 - Click to see the details.
Step 3 - View the list of detections and check the status.
This detection requires validation by our Security Operation Centers to respond if the detection is a legit attack or not. The validation request status will be shown on this page.
Even though there is no action is required from your end, it is still good to understand to know the true meaning of those terms in the detection verification status:-
|New||New detection was identified as malicious and has been blocked by the sensor/agent/installer. Yet to be verified by our personnel.|
|In progress||Detection verification is being worked on by our personnel and an update will be provided as soon as it is completed, or if more information is required.|
|True_positive||The detection is a verified legitimate attack that triggers and produces an alarm.|
|False_positive||The detection is verified as not a real attack.|