Investigate a File

Each time a file attempts to run on a Mac or Windows endpoint, Traps logs the event and reports it to Traps management service. The Files page in Traps management service displays all the files that run on your endpoints, the corresponding verdicts, and other details about the files. When a security event occurs or a specific file warrants investigation, you can review the WildFire Analysis Report, view which endpoints have attempted to run the file, and, if necessary, create an exception to override the official verdict.
To investigate a file:
  1. Select Security > Files.
  2. Filter for one or more files.
    • By timeframe—Select the Timeframe period for which you would like to filter the files: Last 24 hours, Last 7 days, Last 30 days, Last 3 Months.
    • By file name or SHA256—Enter a full or partial File Name in the Search field. Or to search for a file by its SHA256 hash value, select SHA256 instead of File Name and enter the full value.
    • By endpoint—Enter a full or partial Endpoint hostname (or alias, if assigned) in the Search field.
    Traps management service filters the results based on your filter or search criteria.
  3. Select the File Name to view additional details about the file.
    Traps management service summarizes details about the file and displays the most recent verdict assigned to the file along with the verdict source.
  4. To view the endpoints on which a file attempted to run during the last month, click the Endpoints tab.
    Traps management service displays details about each Endpoint including the Endpoint name, User that was logged in when the file attempted to run, full File path, local analysis verdict (if issued), Content Version of the local policy, and the date when the file was Last seen.
  5. Select the WildFire tab to Review WildFire Analysis Details.
  6. If after analyzing the WildFire Analysis Report and completing any additional research, you believe the verdict for the file is incorrect:
