Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who rated this post

L3 Networker

a malicious executable is found on that device, why does the alert show as "Detected (Scanned)" for the file? 

Detected (Scanned) means we detected the file as malware during the scan.


Is the endpoint protected from that malicious executable?

Yes, because the default policy is in block mode


Based on the default setting, would that file be blocked if it attempted to execute and since it is dormant, it has only been identified during the scan but no action is necessary (other than an alert)?

yes it will be blocked, there is a setting to change quarantine malicious executable where you can change it to Quarantine Wildfire Malware verdict so that way file that is scanned and if it has WF malware verdict then it will be quarantined. Step 3 --> option 2 from the link below


View solution in original post

Who rated this post