The Profile tab shows the details applicable for the selected object type.
Some objects may show only a limited set of details, or may not have any details available at the time of execution.
Note
Note
You can further examine objects with Malicious ratings in Threat Connect or VirusTotal.
The tab may also display additional options for Matched Objects and Noteworthy Objects.
Option
Description
Terminate Object
Terminates all running instances of the object only on the target endpoint's current state
Note
Note
This action is available only for unrated, malicious, and suspicious process type objects. To verify if the command was successful, go to AdministrationCommand Tracking.
Add to Suspicious Objects List
Terminates all running instances of the object only on the target endpoint's current state, and then adds the object to the User-Defined Suspicious Object list
Note
Note
If Application Control is enabled, processes that match the hash value of objects added to the User-Defined Suspicious Object list are not allowed to run on all endpoints. Endpoint Sensor also terminates process type objects before adding them to the list, and Application Control prevents them from starting again.
Add to Historical Investigation List
Adds the object as criteria for a new Historical Investigation
To start the investigation, click the Start a Historical Investigation button above the Analysis Chain.
Note
Note
If you decide that you no longer want to perform a Historical Investigation on an object in the Analysis Chain, click the object and then click the Remove from Historical Investigation List button.
For more information, see Using User-defined Criteria for Historical Investigations.