This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask the community

How to determine when malware has been removed

Go to solution
billykajos
New Contributor II

‎01-24-2022 07:48 AM - last edited on ‎01-24-2022 11:03 AM by Moderator

Hello Netskope community, 

 

Last week I received an alert that malware was discovered by malware on a host. I reached out to owner of the host and asked him to remove the malware. The owner of the host removed confirmation however netskope portal is still showing that malware. How do I verify that the malware is removed and how does Netskope verify the malware is removed?

 

Thanks

 

Labels:
0 Likes
1 Solution
Go to solution
billykajos
New Contributor II
In response to billykajos

‎02-03-2022 07:35 AM

Actually I figured it out thanks.

View solution in original post

3 Replies 3
Go to solution
rthomson
Netskope
Netskope

‎02-03-2022 05:27 AM

The alert in SkopeIT will always remain available in the UI as a historical event.

 

By default, the filter in 'Alerts' will filter on "Acknowledged: No" . Setting this alert to "Acknowledged" will hide it from SkopeIT  (you can then also filter on Acknowledged: Yes if you want to look at previous acknowledged alerts)

 

rthomson_1-1643893444572.png

 

You can then run a retrospective Scan (Policies -> API Data Protection -> Retroactive Scan (top right) -> Select any policy to start the scan:

rthomson_2-1643893709863.png

 

This will force the API to run a new scan against your tenant. If the Malware is still present in the Cloud application, you should see a new alert (with a recent time stamp)

 

Hope that helps.

 

Thanks,

RT

 

 

 

0 Likes
Go to solution
billykajos
New Contributor II
In response to rthomson

‎02-03-2022 07:05 AM

Hey rthompson, thanks for the reply. That all makes sense and is what I expected. I guess the issue I'm running into is that in the malware view, I don't see a way to acknowledge the alert the way I do for compromised credentials. Are there specific permissions that need to be allowed to acknowledge malware alerts?

0 Likes
Go to solution
billykajos
New Contributor II
In response to billykajos

‎02-03-2022 07:35 AM

Actually I figured it out thanks.

Subscribe
Top Liked Authors
Show More
Labels

In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below

Sign In