Solved

How to determine when malware has been removed

  • 24 January 2022
  • 3 replies

Hello Netskope community,

Last week I received an alert that malware was discovered by malware on a host. I reached out to the owner of the host and asked him to remove the malware. The owner of the host removed confirmation; however, the Netskope portal is still showing that malware. How do I verify that the malware is removed, and how does Netskope verify the malware is removed?

Thanks

Best answer by billykajos 3 February 2022, 16:35


3 replies


The alert in SkopeIT will always remain available in the UI as a historical event.

By default, the filter in 'Alerts' will filter on "Acknowledged: No". Setting this alert to "Acknowledged" will hide it from SkopeIT (you can then also filter on "Acknowledged: Yes" if you want to look at previously acknowledged alerts).

You can then run a retrospective scan (Policies -> API Data Protection -> Retroactive Scan (top right) -> select any policy to start the scan).

This will force the API to run a new scan against your tenant. If the malware is still present in the cloud application, you should see a new alert (with a recent timestamp).

Hope that helps.

Thanks,

RT

Hey rthompson, thanks for the reply. That all makes sense and is what I expected. I guess the issue I'm running into is that in the malware view, I don't see a way to acknowledge the alert the way I do for compromised credentials. Are there specific permissions that need to be allowed to acknowledge malware alerts?

Actually, I figured it out, thanks.