During the training of Adaptive Anomaly Control rules in the Smart mode, events about detections are added to the Detections of Adaptive Anomaly Control rules repository of the Quarantine. When processing the list of detections, you can either confirm them or add them to exclusions, depending on whether a detection is actually anomalous behavior or not.
We recommend that you process detections at least once a week. Otherwise, the training of the rules may never complete and the rules may not start blocking malicious activity on devices.
To process Adaptive Anomaly Control detections:
The Quarantine section contains a list of objects belonging to the following categories: Quarantine and backup, Unprocessed files, and Detections of Adaptive Anomaly Control rules.
The page displays all active detections that have not been processed.
From the displayed table, you can proceed to the following:
The Detection details window opens.
You can add up to 1000 exclusions for all rules.
The detections are processed.