Skip Navigation

Event responses

The
Optics
agent can execute the following response actions when a detection event is triggered:
Response
Description
Application Log
The agent logs detection events to the
Windows
application log.
Delete Files
The agent permanently deletes any file artifacts that are identified as an artifact of interest (AOI).
Delete Registry Keys
The agent permanently deletes the entire registry key of any AOI that are identified as registry artifacts.
Delete Registry Values
The agent permanently deletes the registry value of any AOI that are identified as registry artifacts.
Log Off All Users
The agent logs off all users that are currently logged into the system.
Log Off Inactive Users
The agent logs off all users that currently have an inactive session on the system.
Log Off Remote Users
The agent logs off all users that currently have a remote session established on the system.
Notification Window
The agent displays a notification window with the detection notification message that you specified, using the native OS notification box instead of the
Protect
agent.
Suspend Processes
The agent suspends any process artifacts that are identified as an AOI.
Suspend Process Tree
The agent suspends the entire process tree of any process artifacts that are identified as an AOI. The AOI is treated as the root of the tree.
Terminate Processes
The agent terminates any process artifacts that are identified as an AOI.
Terminate Process Tree
The agent terminates the entire process tree of any process artifacts that are identified as an AOI. The AOI is treated as the root of the tree.