Release 19.3 introduces Webroot Endpoint Forensics – File Intelligence Views. These let Administrators’ quickly get relevant information on any threat or unknown files within their network and compliments the release of the ‘dwell time’ reporting we introduced in our last release. This new feature is also part of our longer term plan to provide more context to Administrators’ on the threat landscape within their endpoint environment.
NEW – Endpoint Forensics - File Intelligence Views – Administrators need to understand the risks posed by threats and ‘undetermined’ file types. Our endpoint forensics file intelligence views provide that insight quickly and easily for any filename.
- NEW – Endpoint Forensics - File Intelligence Views – Administrators can access these views by clicking on any filename in the console. They will then see:a. Agent, Rule and Cloud determination information (when hovering the mouse cursor over a determination).
- b. Integrated Webroot Intelligence Network (WIN) data providing information on the first time that a file has been first seen (FS) by WIN and its Global ‘popularity’ (how much it has been seen by others).
- c. Product/Vendor links to Google - to allow the Admininstrator to get a wider context on the file – useful for occasions when they are unsure on the classification.
- d. Ability to override the file, for white or blacklisting purposes.
- e. Console popularity – how many times it has been seen within the console deployment and when.
- f. Endpoint Dwell time – how long the file has been seen on the device in question.
An example of a single threat seen twice with a ‘0s’ zero seconds (instantly remediated) Dwell Time
For further information on ‘Dwell Time’ please visit the help link at:
http://live.webrootanywhere.com/content/1330/About-Dwell-Time