If a threat has been detected by GoToResolve EPP, where can I find more details about the specific threat detected? For example:
Scan result:
Hi @Boyd B.,
If you have installed GoToResolve Endpoint Protection, there should be an icon in the system tray that can be clicked on for more information.
I suppose that is one of the problems here. I don't have a subscription for EPP, yet I still see some information related to that product. If you're going to display a threat indicator for those of us that don't have the subscription, you should provide more details than you do right now.
It does also work with other antivirus providers, so you can run updates and scans but you would still need to go to the antivirus software on the computer to see the details if something was discovered. I'm sure more useful information and actions will be added as we continue to roll out updates.
I appreciate the suggestion Glenn, but Windows Defender on the target machine is reporting no threats at all. Is the threat reported by GoToResolve is true or false? Without more detail, I am stuck.
Understood. So I think we talked about this already in another post. My understanding is that in this situation Windows Defender scanned and may have initially registered 'something', but it ultimately decided that there was nothing of concern. Resolve is picking up on the fact that 'something' was potentially detected so it is showing a notification. Your local AV should be the one you pay attention to at the end of the day.
Improvements to EPP in Resolve will correct this miscommunication. I will try to find out more about this from the team next week.
Revisiting this topic.
There is zero benefit to this feature as it is currently implemented. Why are you providing the Threat Found indicator, without also providing the reason it is being displayed? What is the logic behind this decision?
I really think correcting this feature's shortcomings should be a very high priority.
So - some great progress on this topic. I can now see the detailed reason for raising the alert.
Now, how do I make it go away if the situation has been resolved?
The Antivirus Health last scan report now shows the specific threat that was found, including a path. I definitely appreciate that improvement. Unfortunately, it is not yet a complete solution since the threat report is never cleared by the console. When can we expect that issue to be resolved?
I have the exact same issue (shaking my head)...