This overview describes the malware tab and its functionality.
OVERVIEW:
At the top of the page you will find high-level information about malware found in your environment.
Active Malware: Total number of files or email attachments that are malicious in your environment.
Suspicious: Total number of files that have been found to be suspicious. Suspicious files are found to behave like malware but are not known to be malicious.
Malicious: Total number of files that are found to be actively malicious in your environment.
Inactive Malware: Malware that has been remediated.
Removed: The malware has been deleted from your environment.
Quarantined: The malware has been quarantined to the administrative account's g-drive in the CAM_Quarantine folder.
SEARCH:
The search box allows you to search through the found malware by a variety of parameters.
Name: Search by the filename that contains malware.
Owned By: Search by an account.
Shared With: Search by an account that malware has been shared with.
RESULTS BOX:
The results box will display all malware found in your environment by default. Each column in the results box will display relevant information.
Name: The name of the file that contains malware.
Status: The status of the malware.
Scan Result: The result of the scan (Malicious, Suspicious, Unknown).
Malicious: The file is known to be malicious.
Suspicious: The file behaves like known malware.
Unknown: The file has been sent for review, and will be classified once examined.
Detection Time: The time and date the malware was detected.
MALWARE RESULTS DROPDOWN:
Clicking the down arrow in the scan results column opens a dropdown with more detailed malware information.
Threat Score Value: The threat score is generated based on various threat indicators. A score of 0 is non-malicious, while 100 is known to be malicious. Typically, any file with a score over 70 is highly likely to be malicious.
Download Report: To get a detailed report on why the file was considered malicious, select the Download Report link, and a PDF will be downloaded.
TAKING ACTION ON MALWARE:
After investigating malware, you have a few options for dealing with the threats. Select the file(s) you would like to take action against by clicking the check boxes to the left of the name, and then select the desired action above the results box.
Delete: Permanently delete the file from your cloud environment.
Quarantine: Move the file to a folder in the administrator's g-drive named CAM_QUARANTINE for further research.
Ignore: If the file is not a threat to your environment, you can ignore the malware, which will leave the file in place, but will remove the threat from the malware tab.
FILTERING AND SEARCHING:
Searching: You are able to search for malware by using the Search Box above the results box. By clicking the dropdown arrow you are able to change search parameters.
Name: The name of the file or attachment containing the malware.
Owned By: A user name that allows you to see all malicious files owned by that user.
Shared With: Malware that has been shared with a specific user.
Filtering: You can filter malware by selecting the Filter button on the right side of the screen, and applying the filters you would like to have in place.
Parameters: Parameters can be easily added by selecting the add parameter button inside the filter popup. Searches are easily narrowed down in this way.