Responding to Alerts

The majority of the alerts you see are New Application alerts. These alerts occur when a program on your computer requests access or server permission to the Internet or your local network. Use the New Application alert to give access permission to applications that need it, such as your browser and e-mail program.

Some applications or processes require server permission to function correctly. Some processes are used by Microsoft Windows for legitimate functions. Some example of alerts:

• lsass.exe

• spoolsv.exe

• svchost.exe

• services.exe

• winlogon.exe

If you do not recognize the applications or process that requests for server permission, search the Microsoft Support Web site for information. Many legitimate Windows processes, which includes those listed above, can possibly be used by hackers. If you were not browsing files, logging onto a network, or downloading file when the alert appeared, then the safest decision is to deny server permission. If you see many server application alerts, you might want to run an Anti-Malware scan as an added precaution.

Other alerts you might see are the New Network alert and VPN Configuration alerts. These occur when the client detects a network connection or VPN connection. They help you configure your network and program permissions correctly for you to work securely over your network.

Compliance makes sure that:

• All required Endpoint Security packages, with version updates, are installed on your computer.

• Required operating systems, with versions, service packs, and updates are installed on your computer.

• Only approved programs are installed and running on your computer.

Compliance alerts show when your computer does not align with the Compliance Policy. This can occur if there are changes to the Compliance rules or your computer configuration. If Endpoint Security determines that your computer is not compliant, a compliance alert shows with this information:

• One of these Compliance states:

  • Warning - Your computer is not compliant but you can continue to use network resources. Do the steps to make your computer compliant as quickly as possible.

  • About to be restricted - Your computer is not compliant. You must make your computer compliant immediately. If you do not do this, access to network resources from your computer will be restricted.

  • Restricted - Your computer is not compliant. Access to network resources from your computer is restricted until you make your computer compliant.

• Instructions for making your computer compliant with the policy.

Anti-Malware Alerts show files infected by malware. Deleted and cured infections do not require any user interactions. In some cases, Anti-Malware can possibly users to reboot their computer to conclude the infection removal process.

Threat Emulation and Anti-Exploit always do an analysis of files on your computer.

If you see a message that a threat was detected or quarantined, it is not necessary to do anything. Your Endpoint Security client operates automatically to protect you from threats and your administrator will see the related logs.

To see more information about the incident, you can:

1. Right-click the Endpoint Security icon in the taskbar notification area and select Show Client.

   The Endpoint Security Home Page opens.

2. Click Menu and select Overview.

3. Click the feature that showed the alert.

4. Click an Incident ID in the table to open a report.

Anti-Ransomware Alerts show that a possible ransomware attack occurred.

Contact your technical support for more information.

If you have Media Encryption & Port Protection as part of your Endpoint Security, you might see alerts related to device scanning or encryption. Follow the on-screen instructions.

Anti-Bot Alerts show when a restricted site is detected. Follow the on-screen instructions.

URL Filtering Alerts show when a restricted site is detected. Follow the on-screen instructions.

If you only have an OK button, click on it to close the message.