Investigate a File
Each time a file attempts to run on a Mac or Windows endpoint, Traps logs the event and reports it to Traps management service. The Files page in Traps management service displays all the files that run on your endpoints, the corresponding verdicts, and other details about the files. When a security event occurs or a specific file warrants investigation, you can review the WildFire Analysis Report, view which endpoints have attempted to run the file, and, if necessary, create an exception to override the official verdict.
To investigate a file:
- Select Files.
- Filter for one or more files.
  Traps management service filters the results based on your filter or search criteria.
  - By timeframe—Select the Timeframe period for which you would like to filter the files: Last 24 hours, Last 7 days, Last 30 days, Last 3 Months.
  - By file name or SHA256—Enter a full or partial File Name in the Search field. Or to search for a file by its SHA256 hash value, select SHA256 instead of File Name and enter the full value.
  - By endpoint—Enter a full or partial Endpoint hostname (or alias, if assigned) in the Search field.
- Select the File Name to view additional details about the file.
  Traps management service summarizes details about the file and displays the most recent verdict assigned to the file along with the verdict source.
- To view the endpoints on which a file attempted to run during the last month, click the Endpoints tab.
  Traps management service displays details about each Endpoint including the Endpoint name, User that was logged in when the file attempted to run, full File path, local analysis verdict (if issued), Content Version of the local policy, and the date when the file was Last seen.
- Select the WildFire tab to Review WildFire Analysis Details.
- If after analyzing the WildFire Analysis Report and completing any additional research, you believe the verdict for the file is incorrect: