The Profile tab shows the details applicable for the selected object type.
Some objects may show only a limited set of details, or may not have any details available at the time of execution.
You can further examine objects with "Malicious" ratings in Threat Connect or VirusTotal.
|
Option |
Description |
|---|---|
|
Terminate Object |
Terminates all running instances of the object only on the target endpoint's current state Note:
This action is available only for unrated, malicious, and suspicious "process" type objects. To verify if the command was successful, go to . |
|
Add to Suspicious Objects List |
Terminates all running instances of the object only on the target endpoint's current state, and then adds the object to the User-Defined Suspicious Object list Note:
If Application Control is enabled, processes that match the hash value of objects added to the User-Defined Suspicious Object list are not allowed to run on all endpoints. Endpoint Sensor also terminates "process" type objects before adding them to the list, and Application Control prevents them from starting again. |
|
Add to Historical Investigation List |
Adds the object as criteria for a new Historical Investigation To start the investigation, click the Start a Historical Investigation button above the Analysis Chain. Note:
If you decide that you no longer want to perform a Historical Investigation on an object in the Analysis Chain, click the object and then click the Remove from Historical Investigation List button. For more information, see Using User-defined Criteria for Historical Investigations. |