Viewing discovered files

Discovered Items > Files
to view files from all devices that generate Intensive Protection events.
To generate file discovery events, your environment must include devices that can generate these events. Until file discovery runs on these devices, the list is empty. See:
The Intensive Protection settings determine what files are suspicious. These settings are included in the Default Intensive Protection Policy or the Antimalware Policy.
You can view the details of a file and manage any file from the
list. See:
The KPI bar on the
list page lets you glance through a quick summary of the file detections.
Total Files
Shows the total number of the files in your environment. If the same file appears on multiple devices, the file is included only once in this total.
Total Detections
Shows the total count of denied files, allowed files, suspicious detections, and blocked files in your environment.
Shows the number of denied files that an administrator added to the deny list.
Shows the number of files that an administrator allowed as exceptions so that the Intensive Protection policy no longer detects these files as suspicious.
Threats Prevented
Shows the number of suspicious files that Intensive Protection blocked.
Suspicious Detections
Shows the total number of suspicious files that Intensive Protection detected.
You can customize the column list to change the view. Open the menu next to the column count and select
Customize Columns
. You can also export the file list data. See:
You can take action on files in the
list. Select the file, then select the three-dot menu to the right of selection, and choose the action from the drop-down menu. You can select multiple files.
Add to Allow List
Add the selection to exceptions in an Allow List policy. See:
Add to Deny List
Adds hashes for the selection to a Deny List policy. See:
Adds an allow rule for the selected files to an Application Control policy.
Adds a block rule for the selected files to an Application Control policy.
Make Trusted Updater
Adds the selected files as trusted updaters. See:
Send to VirusTotal
Runs VirusTotal on the selected file. VirusTotal is a public malware checker.
Hides the file to help you view the list more easily. See:
Process Dump
Initiates a process dump from a device on which the file appears. See:
Submit to Sandbox
Submits the selected files for analysis. See:
Get File
Get a file from a device for further analysis. See:
Quarantine File
Quarantine the selected files. See:
Discovered Items > Applications
to view all applications that are discovered on your devices. See: