How to view a list of all programs that have been executed inside the containment on ITSM?

Release Time
08/16/2017
Views
533 times
Category
Security Sub-System
Tags

The rules that are set in the containment profile section identifies certain  applications/files in the device.Such files will be listed under  “Containment” menu  in the ITSM. The containment provides a protected environment to run such unrecognized application.The advantage of running from the containment is, the application are not allowed to access the data on the remote  machines.

Step [1]: Go to “Security Sub-Systems” and select “Containment” menu.All the containment files will be listed in here.

Step [2]: The files can be filtered and sorted out using the filter option.To apply filters, click the funnel icon , and fill the form and click "Apply" button .

1.Name - Enter the name of the file.Example :rundll32.exe
2.Path - Enter the path.
3.Hash - Enter the hash value.
4.Status - Provide the status .Example:Complete
5.Last run date - Provide the last run date.Exmaple : From :2017-02-08 To:2017-02-08
6.Show ignored files - Choose the check box, to display the Ignored files.

Step [3]:Click on the name of the file, view the details on “File Info” and “Device List”.

1.File Info -  The detailed information about the file such as “Hash value”,”age ”,”version” will be available here.

2.Device List -  The details of the device will be mentioned here.


Step [4]:A file can be rated either as “Malicious” or “Trusted”. To rate a file, select the check boxes of one or more files and click “Rate as Trusted” or “Rate as Malicious”.

Step [5]:A file can be removed from the contained list by clicking the name of the files and click the “clean history from file list” button, a “Delete File History” prompts open and then click confirm button. Thus file will be removed.