Alerting positive 'allow and scan'

(Lior) #1

Setting a rule for action ‘allow and scan’ poses an issue:
Should a user download a file which is sent to scanning and found malicious, the next download attempt will be blocked, however admin is not in any way notified that a user was infected having downloaded this file.

Is there currently a way to achieve this?


good luck with the new community :slight_smile:

(Haggai Polak) #2

Hi and welcome to communities,

We have a feature called “patient-zero alerting” which is designed exactly to perform this function - it sends an email notification and tracks in a new dashboard widget such allowed files that were found malicious. The feature is still “limited availability” and we can enable it for you - please contact your account team. It will be general availability in a future release.

(Lior) #3

Alright Haggai, will do.
Thanks !