We have several files on our saystems which are unknown to WSA - Unknown processes are monitored so changes can be reversed.
a) Is it advised to have really _all_ unknown files marked either as bad or good?
b) is the monitoring based on login session and will initial start on every reboot ?
c) the list with unknown files in the webconsole is showing only the first "arriving" on the unknown file.
what happens when webroot trusts that file - will this file then be also trusted in the reports?
d) how can I aggregate the list of unknown files so i see how many times a unknown file is stored on our WSA protected systems?
maybe some of the experts can give me some explanations.
Already have an account? Login
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.
b) Monitoring should be for all login sessions as WSA is running as a service, rather then being started by the session.
c) If a file is marked as either good or bad it no longer is unknown and should therefor not appear as unknown in any of the reports.
d) Unfortunately none of the reports list how many times as unknown file has been seen on your systems. It's a good idea, so I suggest you create a https:///t5/ideas/v2/ideaexchangepage/blog-id/ent4/ out of it.
Please let us know what other questions you might have, we're always happy to answer them.