When you enable the latency monitor, the Sensor stops detecting controlled files
Last Modified: 2024-01-24 12:31:36 Etc/GMT
Technical Articles ID:
KB94113
Environment
Trellix Intrusion Prevention System
Problem
When you enable the latency monitor, the Sensor no longer detects controlled files. The Sensor no longer blocks Block-listed files and malware, and no alert is generated.
From the private mode, you issue the command
The files that aren't blocked are within the configured file size for malware scanning:
Total Sofa Dcap Start Count: 0
Total Sofa Dcap End Count: 0
Total Sofa Dcap End At Offset Count: 0
Total Sofa Dcap Focopy Pktdrop Count: 0
When you then issue the
Cause
When latency is detected, the Sensor switches to the latency-management mode, which mitigates latency by optimizing processes. In this mode, the Sensor continuously monitors whether the latency has been mitigated. Optimization of processes might include disabling attack detection and forwarding packets without attack detection. If the latency isn't mitigated even after the optimization processes run, the Sensor switches to the layer-2 mode, if enabled.
NOTE: For more details, see the Sensor latency monitor management section of the Trellix Intrusion Prevention System Troubleshooting Guide.
Solution
Turn off the latency monitor: