Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 1 subscriber
  • Views 13116 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Adware or PUA detected - Acknowledge Alert Permanently

P8 IT

Hi all,

I am probably searching on the wrong criteria and the answer to this is no doubt as basic as it gets but how do I acknowledge an "Adware and PUA" alert permanently in SEC?

Our users with remoteware always come up with the alert: Adware or PUA detected.

At the moment I right click on the relevant pc in SEC and select "Resolve Alerts And Errors".

I then hook the relevant check boxes and the select the "Acknowledge" button.

24 to 72 hours later, depending on status of the machine, the Adware and PUA section will populate with these pcs again.

I want to be able to acknowledge the alert permanently as the alert is referring to the users remoteware which is legitimate.

Thanks in advance for any help.

JP

:11747


This thread was automatically locked due to age.
Parents
  • 0

    HI,

    So if you go to a manged client (with Adware and PUA detection enabled in the policy) and try to run for example:

    PSKill or PSExec (Sysinternals tools).

    These should be deletected on the client, the alert should go back to SEC and these detected applications should appear in the Authorization Manager in the SAV policy in SEC (left column).  You can then authorise them as required.  This doesn't happen?  Does the alert appear against the client?

    Regards,

    Jak

    :22067
Reply
  • 0

    HI,

    So if you go to a manged client (with Adware and PUA detection enabled in the policy) and try to run for example:

    PSKill or PSExec (Sysinternals tools).

    These should be deletected on the client, the alert should go back to SEC and these detected applications should appear in the Authorization Manager in the SAV policy in SEC (left column).  You can then authorise them as required.  This doesn't happen?  Does the alert appear against the client?

    Regards,

    Jak

    :22067
Children
No Data