OK, so let me be more specific. You can only browse events under Event tab that will give you all the details such as event names, Device Trajectory, File trajectory, Detection, etc. for 30 days; however, you can get summarized reports by default W...
Not sure if I follow. If you want to block that particular file winvnc.exe, you will need to either grab that file and upload it to Blocked Application or determine/calculate the SHA256 of that file and add that hash instead. Once you add that, apply the Bl...
You can also create your own list under Outbreak Control ---> Application Control - Blocked Applications then apply that list to your policy. This will only work on *.EXE files and it will block that application from running.
I'm not sure what you mean by creating <rolling 3 months analysis>, but there is a retention policy in place for AMP where we only keep data available to you for 30 days. Anything older than 30 days is automatically purged. If you are looking for some t...
Seems like a legitimate attack, but not enough information to be 100% positive. If you would like to investigate this incident more deeply, you can always open a TAC case and let us look into that with you. Also, as a reminder, most IOCs are generated by the AMP Co...