The Infections page provides a streamlined way to monitor all infections that have been identified and effectively managed by Endpoint Protection with EDR powered by WithSecure. This protection solution requires the installation of a sensor, agent, or installer on your end-users' computers, laptops, or servers.
The report furnishes insights into:
- Specifics of detected infections and their subsequent handling by Endpoint Protection with EDR powered by WithSecure.
- Actions taken by the installed solution to safeguard the affected device.
This report is exportable for future reference, and it also offers the option to configure email alerts. These alerts can notify designated individuals whenever an Endpoint Protection with EDR powered by WithSecure device executes a particular action while managing an infection.
The following columns are available for further investigation into the detected infections:
Date: The exact date and time when the infection was reported.
Computer: The designated name of the infected device. Clicking on the name provides access to the device details page.
Infection: The name of the malicious program responsible for the infection. Clicking on the name opens a web browser page displaying additional information about the malicious program.
Type: The classification of the infection, which falls into one of three possible types:
|A program that performs one or more actions that are harmful to the device or data saved on it
|A program that sends out or keeps data that can be used to track a specific device or user
|A program that may introduce a security risk if it is used inappropriately
This section outlines the actions executed by the Endpoint Protection with EDR powered by WithSecure product. These actions encompass:
|The infected object has been blocked from performing any further actions. Other files are not permitted to access a blocked object.
|The infected object has been renamed.
|Any current action being performed by the infected object has been halted.
|The infected object has been deleted.
|The infected object has been reported to our analysis systems.
|The malicious code has been deleted from the infected object
|The infected object has been moved to a safe repository for files that may be harmful.
|Blocked and asked for further action from the user
|The infected object has been blocked from performing any further actions. A dialog message has been shown to the user to ask what further action they would like to pursue
|The name of the object (for example, a program, a document file, or a database) that has been infected
If you have any questions regarding any of these infections, submit new SOC ticket.