FCS revises the classification of the core based on its database.

The core only assigns a classification if FCS is not available.

FCS is responsible for all classifications.

The core is responsible for all classifications if FCS playbooks are disabled.

The device cannot be remediated.

The execution prevention policy has blocked this event.

The event was blocked because the certificate is unsigned.

Device C8092231196 has been isolated.

The NGAV policy has blocked TestApplication.exe.

FCS classified the event as malicious.

TestApplication.exe is sophisticated malware.

The user was able to launch TestApplication.exe.

By insurance against ransomware

By preventing data exfiltration or encryption even after a breach occurs

By real-time filtering to prevent malware from executing

By using methods used by traditional EDR

TCL

Bash

Perl

Python

Exfiltration Prevention

Execution Prevention

Device Control

Ransomware Prevention

The policy is in simulation mode.

The device is moved to isolation.

The event has been blocked.

Playbooks is configured for this event.