Integration with Third Party Anti-Virus Vendors
R81 Harmony Endpoint Server Administration Guide
Forensics can use information from the Windows Event Log to monitor and analyze malware
events from third party anti-virus vendors. Based on the Windows Event Log, Forensics can
analyze attacks, terminate processes, delete or quarantine files, and perform other attack
remediation.
You can enable or disable third party integration in SmartEndpoint, from the Automatic Threat
Analysis action. This works with most common vendors without manual configuration.
Note - Some third party vendors do not automatically send information to the Windows Event
Log. To use third party vendor integration, make sure that your vendor is configured to send
information to the Windows Event Log.
Events are detected when the client is online or offline.
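
One way to carry out the check in the note above, as an added example that is not part of the Check Point guide. The function name Test-AvEventLogging and the vendor name passed to it are placeholders; the function lists the event log channels and providers whose names contain the vendor name and shows the most recent event from each.

```powershell
# Added example: check whether an anti-virus product writes to the Windows Event Log.
# Test-AvEventLogging and the 'ExampleAV' vendor name are placeholders, not Check Point names.
function Test-AvEventLogging {
    param(
        [Parameter(Mandatory)] [string] $VendorName,
        [int] $Days = 7
    )
    $since = (Get-Date).AddDays(-$Days)

    # Dedicated event log channels and registered providers named after the vendor.
    $logs = @(Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.LogName -like "*$VendorName*" })
    $providers = @(Get-WinEvent -ListProvider * -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -like "*$VendorName*" })

    if ($logs.Count -eq 0 -and $providers.Count -eq 0) {
        Write-Warning "No event log or provider matches '$VendorName'. The product may not log to the Windows Event Log."
        return
    }

    foreach ($log in $logs) {
        # Newest event in the channel within the time window, if any.
        $last = Get-WinEvent -FilterHashtable @{ LogName = $log.LogName; StartTime = $since } `
            -MaxEvents 1 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Kind      = 'Log'
            Name      = $log.LogName
            Enabled   = $log.IsEnabled
            LastEvent = $last.TimeCreated   # empty when nothing was logged in the window
        }
    }
    foreach ($provider in $providers) {
        # Newest event from this provider in any log it writes to (for example, Application).
        $last = Get-WinEvent -FilterHashtable @{ ProviderName = $provider.Name; StartTime = $since } `
            -MaxEvents 1 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Kind      = 'Provider'
            Name      = $provider.Name
            Enabled   = $true
            LastEvent = $last.TimeCreated
        }
    }
}

# Run from an elevated PowerShell prompt on the endpoint.
Test-AvEventLogging -VendorName 'ExampleAV' -Days 7 | Format-Table -AutoSize
```

An empty LastEvent for every row means the product is registered but has not written any events in the chosen period.
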
To enable or disable Forensics Third Party Anti-Virus Vendor integration:
1. In a Harmony Endpoint Forensics and Remediation rule, right-click the Automatic
Threat Analysis Action and select Edit Shared Action.
2. At the bottom of the window, click Override confidence level per specific event.
The Confidence level for automatic response window opens.
3. In the Additional Events area, in the Third party row under Forensics Analysis:
   - Select Always to enable Third Party Anti-Virus Vendor integration.
   - Select Never to disable it.
4. Click OK.