Hi
For the threat protection scanning,
1) What is the scan policy setting?
2) How do I show what are the file being scanned?
thank
Userlevel 3
+11
Hello Munster,
This will give you information about the TP scanning policy:
All files are scanned according to the policy you configured. If any files are convicted you will see them under Incidents > Threat Protection.
HTH
HI Frosa
Thank
Actually, I was referring to this “default malware scan”
Does the logging also log file that was scanned as clean?
Thank
Userlevel 3
+11
No, it doesn’t. just convictions are logged as alerts.
Hi Frosa
Regarding the “Default Malware Scan”, can we know what is the setting so that we can customize for each profile?
For the logging only malicious file, how can I do forensics investigation if there is no logging of clean file?
Thank
Userlevel 3
+11
Munster,
Netskope only offers our own Threat intelligence for AV scanning so that is the only option available. There is no customization available besides bypassing scanning based on hashes and filetypes.
About logging clean verdicts, we don’t do it but in case you get a FP using your EDR solution for example, you can always submit a False-positive through support and we will investigate it for you.
Please let me know if you have any additional questions
Fabio
Hi Frosa
Thank for the info
If a file detected as malware, we will like to know if it came from email, online collobration, web, usb, etc. Not logging clean verdict, then the IR will not be complete.
How about FN? We will not report the malware if SkopeIT didnt have a record that transited thru Netskope
thank
Reply
Login to the community
If you haven't already registered, now is a good time to do so. After you register, you can post to the community, receive email notifications, and lots more. It's quick and it's free! Create an account
Login with SSO
Employee Partneror
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.