Unknown Programs and Incident Reclassification

Applies To: ThreatSync

While WatchGuard Endpoint Security is still classifying an unknown file, the file appears as an Unknown Program in ThreatSync. After Endpoint Security reclassifies the program as malware or goodware, ThreatSync automatically performs these actions:

  • Recalculates the incident risk score
  • Updates the Incident Type on all incident lists and the Incident Details page
  • Re-runs automation policies against the incident based on the new incident type

If Endpoint Security blocks an unknown program and later reclassifies it as goodware, the program remains blocked. You can manually unblock it on the Incident Details page. For more information, go to Perform Actions in ThreatSync.

For more information on reclassification in WatchGuard Endpoint Security, go to File Classification and Reclassification.

Related Topics

Incident Types and Triggers in ThreatSync

Monitor Incidents in ThreatSync

Monitor Endpoints in ThreatSync