This list shows the files in which Adaptive Defense 360 has detected a risk even though their classification is not yet complete.
These files are blocked during the time it takes to fully classify them.
At the top of the window there is a search tool that allows you to choose between viewing a list of the items that are currently blocked or a history of every item blocked so far:
Filter (1) restricts the search indicated in text box (2):
Computer: The search string will be applied to the computer name.
Name: The search string will be applied to the name of the blocked file.
Date: The search string will be applied to the date when the item was blocked.
MD5: The search string will be applied to the MD5 hash value of the blocked file.
Infection source: The search string will be applied to the computer that the blocked item originated from.
Filter (3) filters the items on the list by the protection mode in which Adaptive Defense 360 was configured when the item was blocked (Lock or Hardening), as well as by the actions taken by the process: Access to data files and Communications (only if the process was allowed to run before being blocked and its actions were logged by the system).
The Currently blocked table fields are as follows:
Computer: Name of the computer where the unknown file was found.
Name: Name of the unknown file.
Path: Path in which the unknown file was detected.
Accessed data: The unknown file has accessed files located on the user's computer.
Made external connections: The unknown file has communicated with remote computers to send or receive data.
Protection mode: Specifies the mode that the protection was configured in at the time of detecting the unknown file.
Likelihood of being malicious: Medium, High, Very High.
Date: Date when the unknown file was first seen.
Filter (1) restricts the search indicated in text box (2):
Computer: The search string will be applied to the computer name.
Name: The search string will be applied to the name of the blocked file.
Date: The search string will be applied to the date when the item was blocked.
MD5: The search string will be applied to the MD5 hash value of the blocked file.
Filter (3) allows you to filter the items on the list by the following criteria:
Lock: The advanced protection mode enabled when the item was blocked.
Hardening: The advanced protection mode enabled when the item was blocked.
Access to data files: The unknown file has accessed files located on the user's computer.
Communications: The unknown file has communicated with remote computers to send or receive data.
Blocked: The unknown file has been blocked.
Reclassified as GW: The unknown file has been classified as goodware.
Reclassified as MW: The unknown file has been classified as malware.
Reclassified as PUP: The unknown file has been classified as a PUP.
Excluded (Yes): The unknown file has been unblocked/excluded by the administrator, allowing it to run.
Excluded (No): The unknown file has not been unblocked/excluded by the administrator.
The History table fields are as follows:
Computer: Name of the computer where the unknown file was found.
Name: Name of the unknown file.
Path: Path in which the unknown file was detected.
Action: Action taken:
Blocked: The unknown file has been blocked.
Reclassified as GW: The unknown file has been classified as goodware.
Reclassified as MW: The unknown file has been classified as malware.
Reclassified as PUP: The unknown file has been classified as a PUP.
Accessed data: The threat has accessed files located on the user's computer.
Made external connections: The threat has communicated with remote computers to send or receive data.
Protection mode: Specifies the mode that the protection was configured in at the time of blocking the item.
Excluded: Indicates whether or not the item was excluded from monitoring.
Likelihood of being malicious: Medium, High, Very High.
Date.
Click the arrow after the Date column to display additional information about the item, for example, detection technology, infection source user and IP address, as well as other details regarding the item's life cycle and the number of times it has been seen on the network.
Use the Do not block again option to prevent the item from being blocked again in the future. Finally, click View activity graph to access a visual representation of the actions performed by the item.
Click the icon in the Action column to display the command line and execution parameters used in the attack. You can copy this data by selecting the text and using the Copy-Paste option in the context (right-click) menu.
You can also export this information. Use the option to export the blocked item's life cycle to .CSV format. You'll find it in the upper-right corner of the window.