Issue
When resolving Unwanted Software threats and selecting the option for "I would prefer not to see threats in the future regarding ..." it seemingly, does nothing. I selected this option for three separate threats that were published for a particular piece of software, but the threats were still published nonetheless. It definitely does not match my expectation that I would not be notified about this alert from this user again. Is there something wrong with this feature?
Environment
Red Canary
Threats
Resolution
The publication of threats that are categorized as Unwanted Software is handled by an autobot. Any notes that are added are essentially ignored. You'll see a note on these kinds of threats that says the following: "You can manage whether this application is detected or observed from the Applications page: <application_name>".
The checkbox is designed for when there are Suspicious or Malicious threats that are published. These categories of threats are analyzed by a human that would be able to see if a note was added for a specific kind of threat and would be acted upon accordingly.
In summary, notes left on threats that are categorized as Unwanted Software are ignored. Please use Applications to manage these kinds of threats. See Configure how Red Canary handles software that you don't want in your environment for more information on configuration.
Comments
0 comments
Please sign in to leave a comment.