01-24-202207:48 AM - last edited on 01-24-202211:03 AM by kh_jenn
Hello Netskope community,
Last week I received an alert that malware was discovered by malware on a host. I reached out to owner of the host and asked him to remove the malware. The owner of the host removed confirmation however netskope portal is still showing that malware. How do I verify that the malware is removed and how does Netskope verify the malware is removed?
The alert in SkopeIT will always remain available in the UI as a historical event.
By default, the filter in 'Alerts' will filter on "Acknowledged: No" . Setting this alert to "Acknowledged" will hide it from SkopeIT (you can then also filter on Acknowledged: Yes if you want to look at previous acknowledged alerts)
You can then run a retrospective Scan (Policies -> API Data Protection -> Retroactive Scan (top right) -> Select any policy to start the scan:
This will force the API to run a new scan against your tenant. If the Malware is still present in the Cloud application, you should see a new alert (with a recent time stamp)
Hey rthompson, thanks for the reply. That all makes sense and is what I expected. I guess the issue I'm running into is that in the malware view, I don't see a way to acknowledge the alert the way I do for compromised credentials. Are there specific permissions that need to be allowed to acknowledge malware alerts?