Filter Hash Control Records
4.2 (EoS)
To help you respond quickly to malware-related activity, you can narrow the results shown on the Hash Control page using one or more search conditions.
- From the ESM Console, select Policies > Malware > Hash Control.
- Filter the results displayed on the Hash Control page using any of the following methods:

Import and run a previously-saved search query
- Click the
- Select Import Search.
- Browse to and Upload an XML file containing a previously saved search query. The Hash Control page automatically applies the imported search query.

Use a predefined search query
- Click the
- Select from one of the following predefined search queries:
- Malware discovered in the last day
- Malware discovered in the last week
- Restore candidates—Displays the files that have been quarantined that are eligible for restoration
- Last 1000 manual overrides—Displays the files which have an administrative hash control policy to override the official WildFire verdict
- Last 1000 unknown files—Displays files which have not been submitted to WildFire for analysis or for which the official WildFire verdict is unknown
- Last 1000 upload errors—Displays any files which encountered errors during the submission process to WildFire
The Hash Control page displays up to 1000 records which match your predefined search conditions.

Perform a complex search query
- Specify whether to match Any of the conditions you specify (similar to an OR operation) or to match All of the conditions (similar to an AND operation).
- To clear all existing search conditions, click
- Select your search condition, operator, and value. For options, see File Hash Search Conditions.
- To enter additional search conditions, click
- When you are done adding conditions, click Search. The Hash Control page displays up to 1000 records which match your search conditions.
- Click the
- (Optional) To run your search query at a later time, export it to a file.
- Click the
- Select Export Search. The ESM Console saves your search parameters to an XML file.
- Click the