Viewing discovered files
Discovered Items > Filesto view files from all devices that generate Intensive Protection events.
To generate file discovery events, your environment must include devices that can generate these events. Until file discovery runs on these devices, the list is empty. See:
The Intensive Protection settings determine what files are suspicious. These settings are included in the Default Intensive Protection Policy or the Antimalware Policy.
You can view the details of a file and manage any file from the
The KPI bar on the
Fileslist page lets you glance through a quick summary of the file detections.
Shows the total number of the files in your environment. If the same file appears on multiple devices, the file is included only once in this total.
Shows the total count of denied files, allowed files, suspicious detections, and blocked files in your environment.
Shows the number of denied files that an administrator added to the deny list.
Shows the number of files that an administrator allowed as exceptions so that the Intensive Protection policy no longer detects these files as suspicious.
Shows the number of suspicious files that Intensive Protection blocked.
Shows the total number of suspicious files that Intensive Protection detected.
You can customize the column list to change the view. Open the menu next to the column count and select
Customize Columns. You can also export the file list data. See:
You can take action on files in the
Fileslist. Select the file, then select the three-dot menu to the right of selection, and choose the action from the drop-down menu. You can select multiple files.
Add to Allow List
Add the selection to exceptions in an Allow List policy. See:
Add to Deny List
Adds hashes for the selection to a Deny List policy. See:
Adds an allow rule for the selected files to an Application Control policy.
Adds a block rule for the selected files to an Application Control policy.
Make Trusted Updater
Adds the selected files as trusted updaters. See:
Send to VirusTotal
Runs VirusTotal on the selected file. VirusTotal is a public malware checker.
Hides the file to help you view the list more easily. See:
Initiates a process dump from a device on which the file appears. See:
Submit to Sandbox
Submits the selected files for analysis. See:
Get a file from a device for further analysis. See:
Quarantine the selected files. See:
Discovered Items > Applicationsto view all applications that are discovered on your devices. See: