Views:
This section describes how to apply the Add to Suspicious Objects Blocklist action when the relevant event occurs and the associated outcomes. By applying this action, you block the application associated with the detected anomalies to run on the device without further check.

Procedure

  1. To check agent events, go to LogsAgent Events.
  2. Find the Warning level events related to the Operations Behavior Anomaly Detection – Application Behavior, and then click the Event Details icon in the Action column.
  3. The Event Details window appears.
  4. Click Add to Suspicious Objects Blocklist to apply this action. The application associated with the detected anomalies will be added to the Suspicious Objects Blocklist.
  5. A comfirmation window appears. Read it carefully and click Confirm if you decide to add the application to the Suspicious Objects Blocklist.
    Important
    Important
    Once added, the application will be blocked from running on the endpoint unless removed from the Suspicious Objects Blocklist.
  6. To check if the application has been added to the Suspicious Objects Blocklist, navigate to the target agent and then go to its Policy page.
  7. Go to Operations Behavior Anomaly DetectionApplication Behavior.
  8. Find and click Suspicious Objects Blocklist. A pop-up window appears and displays a list of the blocked applications added from the event action “Add to Suspicious Objects Blocklist".