Open Endpoint Manager > Click ‘Security Sub-Systems’ > ‘Containment’
What is the container?
Why do some files run in the container?
Overview of the containment area
Hide / unhide the file records
Take actions on contained files
Generate a report of contained files
Why do some files run in the container?
An application could run inside the container because:
Overview of the containment area
Note: The companies and groups available for selection in the middle pane depend on the Access Scope rights assigned to the role of the currently logged-in administrator. See this wiki to read more on assignment of company access to roles.
The column headers are as follows:
File Name - The name of the executable running in the container. Click the file name to view its details.
File Path - The location of the contained file on the local endpoint.
File Hash - The SHA-1 hash value of the file. Each hash uniquely identifies a specific file, even if the filename changes.
# of Devices - The quantity of endpoints on which the item is contained.
Click ‘Details’ in a row to see the list of events generated by the file on the endpoint. See this wiki to read more about viewing security events.
Contained by - The reason the file was contained.
Parent Process Name - The program or service that launched the contained application.
Action - The permission level at which the file was run in the container, or the action that was taken upon it. The possible values are:
Status - The execution state of the file inside the container. The possible values are:
Xcitium Rating / Admin Rating - The trust rating of the file as set by Xcitium and the admin respectively. Files can be rated as trusted, malicious or unrecognized.
Date Contained - Date and time the file ran in the container.
Hide / unhide the file records
You can conceal file records that you do not want to see in the list. This is useful if the list contains records of many child processes contained by a parent application run inside the container. You can restore hidden files to the list at any time.
Hide files from the Containment interface
The files are removed from the list. You can restore them at any time.
Restore hidden files
The hidden files are shown on the list with a gray background:
The files are restored to the list.
Take actions on contained files
The controls above the list allow you to take various actions on contained files:
File Details - Opens the file and device information screen as explained above.
Change rating - Allows you to rate contained files as unrecognized, trusted or malicious. Please be confident the file is safe before marking a file as trusted. Any new file ratings will be sent to endpoints during the next sync.
Export - Export the list of contained files to a .csv file. The exported file can be viewed at 'Dashboard' > 'Reports'.
Download Valkyrie report - Valkyrie is Xcitium's advanced file analysis and trust-verdict system. Each PDF report contains an in-depth breakdown of the activity of an unknown file, along with an overall verdict on its trustworthiness.
You can also download and view the report at https://valkyrie.xcitium.com/ after signing into your Valkyrie account.
Check Valkyrie details - View Valkyrie analysis of the contained file at https://valkyrie.xcitium.com.
See https://help.xcitium.com/topic-397-1-773-9563-Introduction-to-xcitium-Valkyrie.html for help to use the Valkyrie online portal.
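The following added example, which is not part of the Xcitium documentation, triages an exported .csv by grouping rows on the SHA-1 hash, so that a file still rated unrecognized and seen under several file names is listed first. The column names (taken from the list headers above) and the sample rows are assumptions constructed for illustration; adjust them to the headers in your own export.

```python
import csv
import io
import re
from collections import defaultdict

SHA1_RE = re.compile(r"[0-9a-f]{40}")

# Constructed sample export. Column names are ASSUMED to match the
# containment list headers; a real export may name them differently.
SAMPLE_CSV = r"""File Name,File Path,File Hash,# of Devices,Admin Rating
setup.exe,C:\Users\a\Downloads\setup.exe,1111111111111111111111111111111111111111,3,Unrecognized
update.exe,C:\Temp\update.exe,1111111111111111111111111111111111111111,2,Unrecognized
tool.exe,C:\Tools\tool.exe,2222222222222222222222222222222222222222,1,Trusted
broken.exe,C:\Temp\broken.exe,not-a-hash,1,Unrecognized
"""


def triage(csv_text):
    """Group rows by SHA-1; return (unrecognized findings, rejected rows)."""
    by_hash = defaultdict(lambda: {"names": set(), "devices": 0, "ratings": set()})
    rejected = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        digest = (row.get("File Hash") or "").strip().lower()
        if not SHA1_RE.fullmatch(digest):
            rejected.append(row)  # never merge rows on a malformed hash
            continue
        entry = by_hash[digest]
        entry["names"].add(row["File Name"].strip().lower())
        # Sum of per-row counts: an upper bound if one endpoint appears twice.
        entry["devices"] += int(row["# of Devices"] or 0)
        entry["ratings"].add(row["Admin Rating"].strip().lower())
    findings = [
        {"sha1": digest, "names": sorted(e["names"]),
         "devices": e["devices"], "renamed": len(e["names"]) > 1}
        for digest, e in by_hash.items()
        if "unrecognized" in e["ratings"]
    ]
    # Same hash under several names first, then widest spread.
    findings.sort(key=lambda f: (not f["renamed"], -f["devices"]))
    return findings, rejected


if __name__ == "__main__":
    found, bad = triage(SAMPLE_CSV)
    for f in found:
        print(f["sha1"], f["devices"], "renamed" if f["renamed"] else "", f["names"])
    print("rows with invalid hash:", [r["File Name"] for r in bad])
```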
Generate a report of contained files