Collect File Sample Task

After identifying a suspicious file object that you want to investigate in your local environment, you can collect the file in a password-protected archive and download the file from the Response Management app.

Warning:

Downloading suspicious samples can harm your endpoint. Take the necessary precautions before continuing. Trend Micro Vision One automatically stores the collected samples in a password-protected ZIP archive.

  1. After identifying the object that you want to collect, access the context or response menu and click Collect File.

    The Collect File Task screen appears.

  2. (Optional) Specify a Description for the response or event.
  3. Click Create.

    Trend Micro Vision One creates the task and displays the current command status on the Response Management app.

  4. Monitor the task status.
    1. Open the Response Management app.
    2. (Optional) Locate the task using the Search field or by selecting Collect File from the Action drop-down list.
    3. View the task status.
      • In progress...: Trend Micro Vision One sent the command to the managing server and is waiting for a response

      • Queued: The server queued the command due to a high volume of requests or because the Security Agent was offline

      • Successful: The managing server successfully received the command

      • Unsuccessful: An error or time-out occurred when attempting to send the command to the managing server

  5. Download the sample file.
    1. In the Response Management app, find the Collect File task and click the options button at the right of the row.
    2. Click Download File.
    3. On the screen that appears, record the password for the archived sample.
    4. Click OK to download the file.