Anti-Bot
Anti-Bot detects and prevents bot activity while you are in the organizational network or outside of it. A bot is malicious software that neutralizes Anti-Virus defenses, connects to a Command and Control center for instructions from cyber criminals, and carries out the instructions.
From the Endpoint Security Main Page, click Anti-Bot and URL Filtering to see the options:
- Current Status - A summary of the Anti-Bot status and policies of your computer. The status can be:
  - On - Functioning correctly.
  - Off - Disabled in the policy.
  - Initializing - Anti-Bot is still starting.
  - Not Running - An error is preventing the Anti-Bot from working. Contact your administrator.
  - Infected - A bot was detected/prevented on your computer. The status changes from infected based on the policy configured by your administrator.
- Infections - Shows a list of bot activities that were detected. Anti-Bot can be set to Detect or Prevent mode. It does not delete the bot.
This information is shown for each detection:
- Protection Name - Name of the bot.
- Action Taken - Shows if the bot was detected or prevented.
- URL - The location to which the bot tries to connect.
- Process Name - The name of the process accessing the URL.
- Process ID - The PID of the process accessing the URL.
- User Name - The User Name of the process accessing the URL.
- Parent Process Name - The name of the process executing the process accessing the URL.
- Parent Process ID - The process ID of the program that is currently accessing the URL.
- Parent User Name - The user name of the process executing the process accessing the URL.
- First Infection Time - When the file was detected.
- Last Infection Time - Most recent time the file was detected.
When an infection is prevented, this message shows:
"Your computer is trying to access a malicious server: [URL]. For more information and remediation, please contact your help desk."
The message that a bot has been prevented also shows in your network browser.