Event responses
The CylanceOPTICS agent can execute the following response actions when a detection event is triggered:

Response | Description |
---|---|
Application Log | The agent logs detection events to the Windows application log. |
Delete Files | The agent permanently deletes any file artifacts that are identified as an artifact of interest (AOI). |
Delete Registry Keys | The agent permanently deletes the entire registry key of any AOI that is identified as a registry artifact. |
Delete Registry Values | The agent permanently deletes the registry value of any AOI that is identified as a registry artifact. |
Dump Detection to Disk | The agent creates a detection data file in the CylanceOPTICS application data directory. |
Log Off All Users | The agent logs off all interactive and remote users. |
Log Off Users | The agent logs off the specified users. |
Log Off Interactive Users | The agent logs off all users that are currently physically interacting with the device. |
Log Off Remote Users | The agent logs off all users that currently have a remote session established on the system. |
Notification Window | The agent displays a notification window with the detection notification message that you specified, using the native OS notification box instead of the CylancePROTECT agent. |
Suspend Processes | The agent suspends any process artifacts that are identified as an AOI. |
Suspend Process Trees | The agent suspends the entire process tree of any process artifacts that are identified as an AOI. The AOI is treated as the root of the tree. |
Terminate Processes | The agent terminates any process artifacts that are identified as an AOI. |
Terminate Process Trees | The agent terminates the entire process tree of any process artifacts that are identified as an AOI. The AOI is treated as the root of the tree. |
Whitelist Processes | This option excludes the specified processes from being observed by CylanceOPTICS. |