The Analysis Chain screen provides details about a Noteworthy Event and allows you to perform further investigation on noteworthy objects. You can also isolate or run an Aggressive Scan on the affected endpoint.
Use the Status drop-down list to change the event status.
Click Action Taken to view a list of actions taken upon the event.
Click the export icon and select Analysis Chain to export the Analysis Chain to a ZIP file.
Information
Description
Endpoint
Displays details about the endpoint that was investigated.
Click the caret-down icon and select Isolate Endpoint to disconnect the endpoint from the network. During isolation, the Security Agent can only communicate with the server.
Click the caret-down icon and select Start Aggressive Scan to fix unresolved security risks.
Note
Aggressive Scan is available for Windows Security Agent endpoints only.
First Observed Object
The first object in the analysis chain suspected to have been responsible for the creation of the investigated object.
This is often the entry point of a targeted attack.
Hover over an object and click the search icon to locate the object in the Analysis Chain.
Security Threat
The detected threat that Worry-Free Services uses to create the Noteworthy Event.
Hover over an object and click the search icon to locate the object in the Analysis Chain.
Noteworthy Objects
Highlights objects in the chain that are possibly malicious, based on existing Trend Micro intelligence.
The value counts the number of unique noteworthy objects in the chain.
Click to view the list of noteworthy objects.
Hover over an object and click the search icon to locate the object in the Analysis Chain.
Analysis Chain
Displays a visual analysis of the objects involved in an event.
Click any available node to view more information about the selected object.
For more information on how to interpret Analysis Chains, see: