Open Endpoint Manager > Click ‘Security Sub-Systems’ > ‘Containment’
Why do some files run in the container?
An application could run inside the container because:
Overview of the containment area
The interface lists all contained files and the devices on which they are running. The column headers are as follows:
File Name - The name of the executable running in the container. Click the file name to view its details.
File Path - The location of the contained file on the local endpoint.
File Hash - The SHA-1 hash value of the file. Each hash uniquely identifies a specific file, even if the filename changes.
Number of Devices - The quantity of endpoints on which the item is contained.
Note: VirusScope must be enabled in the device profile to view file activity. See VirusScope Settings for more details.
Contained by - The reason the file was contained.
Parent Process Name - The program or service that launched the contained application.
Action - The permission level at which the file was run in the container, or the action that was taken upon it. The possible values are:
Status - The execution state of the file inside the container. The possible values are:
Comodo Rating / Admin Rating - The trust rating of the file as set by Comodo and the admin respectively. Files can be rated as trusted, malicious or unrecognized.
Date Contained - Date and time the file ran in the container.
Take actions on contained files
The controls above the list allow you to take various actions on contained files:
File Details - Opens the file and device information screen as explained above.
Change rating – Allows you to rate contained files as unrecognized, trusted or malicious. Please be confident the file is safe before marking a file as trusted. Any new file ratings will be sent to endpoints during the next sync.
Record – Remove, or change the visibility of, the file in the list. You can apply the action to multiple files at a time. Note – ‘Delete Record’ doesn’t remove the file from the endpoint. It only removes it from this list.
Export - Export the list of contained files to a .csv file. The exported file can be viewed at 'Dashboard' > 'Reports'.
Download Valkyrie report - Valkyrie is Comodo's advanced file analysis and trust-verdict system. Each PDF report contains an in-depth breakdown of the activity of an unknown file, along with an overall verdict on its trustworthiness.
You can also download and view the report at https://valkyrie.comodo.com/ after signing into your Valkyrie account.
Check Valkyrie details - View Valkyrie analysis of the contained file at https://valkyrie.comodo.com
See https://help.comodo.com/topic-397-1-773-9563-Introduction-to-Comodo-Valkyrie.html for help using the Valkyrie online portal.
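
The exported .csv can be triaged offline before you change any ratings. The script below is an added example, not part of Comodo's documentation: it groups rows by the File Hash column and flags hashes seen under several file names, hashes still unrecognized, and admin 'trusted' ratings that conflict with a malicious Comodo rating. It assumes the export uses the same column names as the interface headers; the sample rows and hash values are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column names are assumed to mirror the
# interface headers; adjust them to match the real .csv file.
H1, H2, H3 = "a" * 40, "b" * 40, "c" * 40  # placeholder SHA-1 values
SAMPLE_EXPORT = "\n".join([
    "File Name,File Hash,Number of Devices,Comodo Rating,Admin Rating",
    f"setup.exe,{H1},4,Unrecognized,Unrecognized",
    f"update.exe,{H1},2,Unrecognized,Unrecognized",
    f"tool.exe,{H2},1,Malicious,Trusted",
    f"notes.exe,{H3},7,Trusted,Trusted",
])

def is_sha1(value):
    return len(value) == 40 and all(c in "0123456789abcdef" for c in value)

def triage(csv_text):
    """Group export rows by SHA-1 and return the hashes that merit review."""
    by_hash = defaultdict(lambda: {"names": set(), "devices": 0,
                                   "comodo": set(), "admin": set()})
    for row in csv.DictReader(io.StringIO(csv_text)):
        sha1 = (row.get("File Hash") or "").strip().lower()
        if not is_sha1(sha1):
            continue  # skip rows without a well-formed SHA-1
        entry = by_hash[sha1]
        entry["names"].add(row["File Name"].strip())
        count = row["Number of Devices"].strip()
        # Summed per row: an upper bound if one device appears in two rows.
        entry["devices"] += int(count) if count.isdigit() else 0
        entry["comodo"].add(row["Comodo Rating"].strip().lower())
        entry["admin"].add(row["Admin Rating"].strip().lower())

    findings = []
    for sha1, e in by_hash.items():
        reasons = []
        if len(e["names"]) > 1:
            reasons.append("same hash under several file names")
        if "trusted" in e["admin"] and "malicious" in e["comodo"]:
            reasons.append("admin rating overrides a malicious Comodo rating")
        if "unrecognized" in e["admin"]:
            reasons.append("still unrecognized")
        if reasons:
            findings.append({"sha1": sha1, "names": sorted(e["names"]),
                             "devices": e["devices"], "reasons": reasons})
    return sorted(findings, key=lambda f: f["devices"], reverse=True)

if __name__ == "__main__":
    for finding in triage(SAMPLE_EXPORT):
        print(finding)
```

Findings are sorted by device count, so the most widely spread files come first.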