The Anomalies panel lists the image hooks, suspicious threads, kernel hooks, and registry discrepancies found on the host. To access this tab, select a host from the Hosts view and click the Anomalies tab.
What do you want to do?
*You can perform this task in the current view.
- Focusing on Endpoint Analysis
- Investigating Hosts
- Analyzing Events
- Changing File Status or Remediate
- Analyzing Downloaded Files
Below is an example of the Anomalies tab:
Agent and Scan Details. You can view the following agent and scan details of the selected host:
- Host name - Name of the host. For example, WIN-ABC.
- Risk score - Risk score of the host.
- Operating System - Operating system on which the agent is running (Linux, Windows, or Mac).
- Agent Scan Status - Current status of the scan: Idle, Scanning, Starting Scan, or Stopping Scan. For more information, see Scan Hosts.
- Agent Version - Version of the agent. For example, 220.127.116.11.
Actions in the toolbar:
- Change File Status - Lets you manage suspect and legitimate files and block a malicious or infected file to prevent it from executing on any host in the future. For more information, see Changing File Status or Remediate.
- Analyze Events - Lets you investigate a particular host, IP address, username, filename, or hash to get the entire context of the activity. For more information, see Analyzing Events.
- More - Provides options to:
3. Search on Snapshots - Lets you search on all snapshots (file name, file path, and SHA-256 checksum). For more information, see Search on Snapshots.
Details Panel - Displays the following tabs:
5. Show/Hide Right Panel - Displays the following properties in the right panel:
6. Clicking a filename lets you navigate to the Files view for further analysis.
Image hooks found in executable images are displayed in the following columns.
Hooks found on kernel objects are displayed in the following columns.
Threads whose service table was hooked are displayed in the following columns.
Configuration settings and options stored in the registry on Microsoft Windows operating systems are displayed in the following columns.