Endpoint Protection

  • 1.  Signature Based Detection?

    Posted Sep 22, 2017 01:54 PM

    Hi Team,

    We use SEP client Version 14.

    Client has detected some files as malicious. But I wanted to understand what type of detection it has done.

    How can I say the detection is signature based by looking at logs?

    Please help me to understand this.

     

    Thanks & Regards

    Secroa



  • 2.  RE: Signature Based Detection?

    Posted Sep 22, 2017 02:53 PM

    If it was by Auto-Protect then view the log under Virus and Spyware Protection >> View Logs >> Risk Log

    If it was by SONAR then view the log under Proactive Threat Protection >> View Logs >> Threat Log



  • 3.  RE: Signature Based Detection?

    Posted Sep 22, 2017 05:18 PM
    There are many malware detection categories in SEP, but the most common non-signature detections are ws.reputation (download insight detection), Heur.AdvML (machine learning), *.Sonar.* (heuristics), *.bloodhound.* (heuristics), Exp.CVE-* (heuristic for malware using specific exploits). There are more, but the ones I listed are the most common. To see the logs, follow Brian's advice.
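
An added example, not part of the original thread and not a Symantec tool: a small triage script that sorts risk names copied from the logs into the non-signature categories listed in the last reply. The matching rules (case-insensitive, `Sonar` and `bloodhound` matched as a dot-separated token anywhere in the name) and all sample names are assumptions constructed for illustration; because the reply says its list is not complete, an unmatched name is only a candidate for a signature detection.

```python
import re
from collections import Counter

# Name patterns taken from the reply above. Assumption: matching is
# case-insensitive, and "Sonar" / "bloodhound" count when they appear as a
# whole dot-separated token at any position in the risk name.
NON_SIGNATURE_RULES = [
    ("download insight (reputation)", re.compile(r"^ws\.reputation(\.|$)", re.I)),
    ("machine learning", re.compile(r"^heur\.advml(\.|$)", re.I)),
    ("SONAR heuristic", re.compile(r"(^|\.)sonar(\.|$)", re.I)),
    ("Bloodhound heuristic", re.compile(r"(^|\.)bloodhound(\.|$)", re.I)),
    ("exploit heuristic", re.compile(r"^exp\.cve-", re.I)),
]

# The reply's list is not exhaustive, so this label means "possibly
# signature based, check the name by hand", not "confirmed signature".
UNLISTED = "no listed non-signature pattern matched"


def classify(risk_name):
    """Return the detection category for one risk name from the logs."""
    name = risk_name.strip()
    for label, pattern in NON_SIGNATURE_RULES:
        if pattern.search(name):
            return label
    return UNLISTED


def summarize(risk_names):
    """Count detections per category, skipping blank entries."""
    return Counter(classify(n) for n in risk_names if n.strip())


# Constructed sample risk names (not taken from any real log).
SAMPLE = [
    "WS.Reputation.1",
    "Heur.AdvML.B",
    "SONAR.Heuristic.120",
    "Bloodhound.Exploit.170",
    "Exp.CVE-0000-0000",   # placeholder CVE id
    "Trojan.Gen.2",
    "  ws.reputation.1 ",  # stray whitespace and different case
    "",
]

if __name__ == "__main__":
    for name in SAMPLE:
        if name.strip():
            print(f"{name.strip():26} -> {classify(name)}")
    print(dict(summarize(SAMPLE)))
```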