Detection Status
Detection Status shows the suspicious behaviors detected by V3's engine, ASD 2.0. You can check the details in Detection Status Details.
From Detection Status, you can:
- Check the detection status list
- Export detection status information in csv, xlsx or pdf format
- Click a detected behavior to check the process tree
Detection Status List
To check the detection status - file name, hash value, malware name, infected agent (PC name and IP address), IOC detection and detection time:
- On the top of the web page, click Detection.
- From the menu, select Detection > Detection Status.
- Select Search conditions (file name, hash value and IP address) or specify the Period to search for detection information. Enter a search keyword and click Search to search for specific detection information only.
- File Name (Hash Value): The file name and hash value. The hash value is shown only when it is included in the infection log. If the file is repaired (deleted), the Delete icon will be shown.
- Malware Name: The malware name.
- Infected Agent: The agent from which the suspicious behavior was detected. The connection status, IP address and computer name will be shown. When the agent is connected to the server, the status will be green.
- No. of Occurrence: The number of occurrences. It will show as Collecting... while the scan log (ASD log) is being collected. You can check the details when the suspicious behaviors are collected.
- Malicious Behavior: Displays detection status by malicious behavior type. The malicious behaviors include ransomware behavior, injection, network access, system setting change, etc.
  - Ransomware Behavior: Detected when a specific process changes a decoy file (changes the file name, modifies the content or deletes the file), which is created to lure ransomware, or when a ransomware behavior such as changing a Windows image file is detected. You can monitor specific ransomware behaviors using V3 Behavior Watcher and detect ransomware on a user PC. Behavior Watcher detects malicious code by analyzing specific behavior patterns, not by updating signatures. V3 Behavior Watcher detects ransomware using the decoy file with behavior-based diagnosis.
  - Injection: Indicates a behavior that writes malicious code into system memory (screen saver, IE tools, IE BHO, startup programs, etc.). The malicious code can then carry out new malicious activity. Detects a behavior of injecting malicious code into a system or writing malicious code to process memory.
  - Network Access: Detects abnormal traffic in the network, including DDoS, and a behavior in which an unknown program initially attempts to access overseas IP addresses. You should be very cautious, as the Internet connection of an untrusted program can be a malicious behavior.
  - System Settings Change: Detects a behavior of running a process (rundll32.exe, svchost.exe, etc.) in a suspicious way or modifying the system registry to change the security level (changing Windows firewall settings, network security settings or boot files). It could be malicious code abusing a vulnerability or a behavior of hiding itself using a process.
- IOC Detection: The IOC detection in the scan log (ASD log). If IOC is not uploaded, the IOC Detection column will not be displayed.
- Detection Time: The detection time.
Note
If IOC is not uploaded, the IOC Detection column will not be displayed.
Click a detection status from the list to check the process tree from Detection Status Details.
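The decoy-file check described under Ransomware Behavior, as an added Python sketch that is not V3 or Behavior Watcher code: it hashes a set of constructed decoy files and reports which were modified, renamed or deleted. The file names and the snapshot-comparison approach are assumptions, and the sketch does not identify the process that made the change.

```python
import hashlib
import os
import tempfile

def snapshot(decoy_dir):
    """Map each decoy file name to the SHA-256 of its content."""
    state = {}
    for name in sorted(os.listdir(decoy_dir)):
        path = os.path.join(decoy_dir, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                state[name] = hashlib.sha256(fh.read()).hexdigest()
    return state

def decoy_events(baseline, current):
    """Compare two snapshots; return sorted (event, file name) tuples."""
    events = []
    new_by_hash = {h: n for n, h in current.items() if n not in baseline}
    for name, digest in baseline.items():
        if name in current:
            if current[name] != digest:
                events.append(("modified", name))
        elif digest in new_by_hash:
            events.append(("renamed", name))   # same content under a new name
        else:
            events.append(("deleted", name))   # gone, or renamed and rewritten
    return sorted(events)

def demo():
    """Constructed sample: plant three decoys, then tamper with each one."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("a_report.docx", "b_photo.jpg", "c_notes.txt"):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(("decoy content " + name).encode())
        baseline = snapshot(d)
        # Simulated tampering: one content change, one rename, one delete.
        with open(os.path.join(d, "a_report.docx"), "wb") as fh:
            fh.write(b"\x00" * 32)
        os.rename(os.path.join(d, "b_photo.jpg"), os.path.join(d, "b_photo.jpg.xyz"))
        os.remove(os.path.join(d, "c_notes.txt"))
        return decoy_events(baseline, snapshot(d))

if __name__ == "__main__":
    for event, name in demo():
        print(event, name)
```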
Period
Select the period to search - Last 24 hours, Last 48 hours, Last 7 days, Last 14 days or Last 30 days - or click User-defined to specify the period.
Export
Select Export on the bottom of the page to save the information in csv, xlsx or pdf format.