cancel
Showing results for 
Search instead for 
Did you mean: 

How to determine when malware has been removed

billykajos
New Contributor II

Hello Netskope community, 

 

Last week I received an alert that malware was discovered by malware on a host. I reached out to owner of the host and asked him to remove the malware. The owner of the host removed confirmation however netskope portal is still showing that malware. How do I verify that the malware is removed and how does Netskope verify the malware is removed?

 

Thanks

 

1 ACCEPTED SOLUTION

Actually I figured it out thanks.

View solution in original post

3 REPLIES 3
rthomson
Netskope
Netskope

The alert in SkopeIT will always remain available in the UI as a historical event.

 

By default, the filter in 'Alerts' will filter on "Acknowledged: No" . Setting this alert to "Acknowledged" will hide it from SkopeIT  (you can then also filter on Acknowledged: Yes if you want to look at previous acknowledged alerts)

 

rthomson_1-1643893444572.png

 

You can then run a retrospective Scan (Policies -> API Data Protection -> Retroactive Scan (top right) -> Select any policy to start the scan:

rthomson_2-1643893709863.png

 

This will force the API to run a new scan against your tenant. If the Malware is still present in the Cloud application, you should see a new alert (with a recent time stamp)

 

Hope that helps.

 

Thanks,

RT

 

 

 

billykajos
New Contributor II

Hey rthompson, thanks for the reply. That all makes sense and is what I expected. I guess the issue I'm running into is that in the malware view, I don't see a way to acknowledge the alert the way I do for compromised credentials. Are there specific permissions that need to be allowed to acknowledge malware alerts?

Actually I figured it out thanks.