This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Post detected by Wildfire

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Post detected by Wildfire

Go to solution
RFeyertag
L4 Transporter

‎06-22-2023 02:21 PM

Hello dear community, 

what means Detected (Post Detected)? 

In our case, we see pdfpower.exe incidents popping up, the user says he didn't download anything to the incident time.

I think, the agent is scanning the OS, when there is allready a quarantaine or blacklist entry?

What do you think? 

RFeyertag_0-1687468667966.png

 

BR 

 

Rob

 

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
PiyushKohli
L4 Transporter

‎09-22-2023 03:07 AM

Hi @Kavurisowmya 

 

"Prevented (Post Detected)" indicates that the verdict for a process has been changed to malware from benign and an agent terminated because the process was still running.

While "Detected (Post Detected)" as shared above by @nsinghvirk indicates that the verdict for a process has been changed to malware from benign and that process was executed in the past but not running anymore.

 

Hope this helps!

Please mark the response as "Accept as Solution" if it answers your query.

View solution in original post

0 Likes Likes
4 REPLIES 4

Go to solution
nsinghvirk
L4 Transporter

‎06-23-2023 07:54 AM

Hello @RFeyertag 

Detected (Post Detected) means that a particular file was earlier detected and since then its verdict has flipped from benign to malware. This happens when XDR waits for wildfire verdict for file whose's verdict is unknown and meanwhile Local Analysis has given a benign verdict, later wildfire comes with malware verdict. File was already executed and XDR generates a high severity alert with action as Detected (Post Detected).

Go to solution
Kavurisowmya
L1 Bithead

‎09-21-2023 11:34 PM

What does Prevented (Post detected) mean?

Kavurisowmya_0-1695364428571.png

 

0 Likes Likes

Go to solution
PiyushKohli
L4 Transporter

‎09-22-2023 03:07 AM

Hi @Kavurisowmya 

 

"Prevented (Post Detected)" indicates that the verdict for a process has been changed to malware from benign and an agent terminated because the process was still running.

While "Detected (Post Detected)" as shared above by @nsinghvirk indicates that the verdict for a process has been changed to malware from benign and that process was executed in the past but not running anymore.

 

Hope this helps!

Please mark the response as "Accept as Solution" if it answers your query.

0 Likes Likes

Go to solution
RFeyertag
L4 Transporter
In response to PiyushKohli

‎09-22-2023 08:24 AM

Thank you very much for this clarification! 

 

BR

 

Rob

0 Likes Likes
  • 1 accepted solution
  • 2976 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks