000039430 - How to manually block suspicious files via RSA NetWitness Platform

Document created by RSA Customer Support Employee on Nov 6, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000039430
Applies ToRSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Endpoint Advanced Agent
RSA Version/Condition: 11.3.x, 11.4,x and 11.5.x
IssueHow to manually block suspicious files via RSA NetWitness UI.
ResolutionPrerequisite: You would need to deploy NetWitness Endpoint components on both the NetWitness platform and Endpoint agents on the end-user system prior to you performing these actions.
  1. 1. Go to the Files page in UI. 
    (Version 11.5) go to the Files page.
    (Version 11.3.x or 11.4.x) go to the Investigate-Files page.
  2. Choose files that you want to block, then click 'Change File Status' button.
    User-added image

  3. Choose 'Blacklist' or 'Graylist', then select 'Block'.
    User-added image
  4. Write comments in the 'Comments' box and click the 'Save' button.