Endpoint
允许您根据来自客户端病毒防护的事件触发规则。
属性 |
类型 |
说明 |
示例 |
|---|---|---|---|
DetectionType |
检测类型 |
可能的值为: •0—UnknownAlarm •1—RuleActivated •2—MalwareFoundOnDisk •3—MalwareFoundInMemory •4—ExploitDetected •5—FirewallDetection •6—HipsDetection •7—BlockedAddress •8—CryptoBlockerDetection |
|
Scanner |
触发事件的扫描程序的名称 |
AMSI |
|
ScannerObjectType |
扫描程序已处理的对象类型 |
可能的值为: •None •Packed •SFX •Script •URL |
|
Severity |
检测的严重级别 |
可能的值为: •1—Information •2—Warning •3—Threat |
|
ThreatHandled |
布尔值 |
是否已处理威胁的相关信息 |
true/false |
ThreatName |
字符串 |
威胁的名称 |
|
ThreatType |
整型/符号 |
威胁的类型 |
可能的值为: •1—Malware •2—Nearmiss •3—PUA •4—DangerousApp •BlockedFile o5—BannedByEI o6—BannedByECMPS •7—UnsafeApp |
对于属性 Scanner,有一个预定义的值范围可以使用:
ESETInspect |
EsetLiveGuard |
OnDemandScannerWindows |
RealtimeFileSystemProtection |
StartupScanner |
ECLS |
DocumentProtection |
IdleScanner |
FirstScanScanner |
RansomwareScanner |
ESCRIPT |
JavaScriptScanner |
EmailFilterOutlook |
EmailFilterOutlookExpress |
EmailFilterThunderbird |
EmailFilterWindowsMail |
EmailFilterWindowsLiveMail |
|
AdvancedMemoryScanner |
RegistryScanner |
AmsiScanner |
CommandLineScanner |
BEHMON |
OFFICE365_ONDEMAND |
MailServerFilter |
MailDatabaseOnDemandScanner |
MailDatabaseScanner |
EMAILSERVER_OFFICE365 |
FileServerFilter |
FileDatabaseScanner |
GatewayServerFilter |
HyperVScanner |
GatewayHttpFilter |
GatewayFtpFilter |
GatewaySmtpFilter |
GatewayPop3Filter |
GatewayImapFilter |
HttpFilterWindows |
FtpFilterWindows |
Pop3FilterWindows |
ImapFilterWindows |
EPFW_FIRST_CONN |
HttpNetworkProtection |
CHROME_PROTECTOR |
ENTERPRISE_INSPECTOR |
EDTD |
ESCAN |
EAMON |
ESTARTUP |
ECLS |
EDMON |
IDLE |
FIRST_SCAN |
CRYPTO_BLOCKER |
ESCRIPT |
JSCRIPT |
EEMON |
EEMON_OE |
EEMON_TB |
EEMON_WM |
EEMON_WLM |
MEMSCAN |
|
REGSCAN |
AMSI |
CMDLINE |
BEHMON |
OFFICE365_ONDEMAND |
EMAILSERVER |
EMAILSERVER_ONDEMAND |
EMAILSERVER_ONACCESS |
EMAILSERVER_OFFICE365 |
EFILESERVER |
EFILESERVER_ONDEMAND |
GATEWAYSERVER |
VM_SERVER_HYPERV |
GATEWAY_HTTP |
GATEWAY_FTP |
GATEWAY_SMTP |
GATEWAY_POP3 |
GATEWAY_IMAP |
EPFW_HTTP |
EPFW_FTP |
EPFW_POP3 |
EPFW_IMAP |
EPFW_FIRST_CONN |
NETPROT_HTTP |
CHROME_PROTECTOR |
EsetDaemon |
MailServerFilterUnix |
ImapFilterUnix |
MdaWrapper |
PipeFilter |
Pop3FilterUnix |
SendmailFilter |
SmtpFilter |
ZMailerFilter |
CommuniGateProFilter |
ProxyPop3FilterUnix |
ProxyImapFilterUnix |
HttpFilterUnix |
HttpProxyFilterUnix |
ProxyFtpFilterUnix |
OnDemandScannerUnix |
DazukoAccessProtection |
FtpFilterUnix |
PreloadAccessProtection |
SafeSquidFilter |
CliInterface |
IcapServer |
GraphicalUserInterface |
KernelAccessControl |
RealTimeFileSystemProtectionUnix |
USTARTUP |
UDAEMON |
UMAIL_SERVER |
UIMAP |
UMDA |
UPIPE |
UPOP3 |
USMFI |
USMTP |
UZMFI |
UCGP |
UPROXY_POP3 |
UPROXY_IMAP |
UHTTP |
UPROXY_HTTP |
UPROXY_FTP |
USCAN |
UDAC |
UFTP |
UPAC |
USSFI |
UCLI |
UICAP |
UGUI |
UKAC |
UFAC |
USTARTUP |
|
支持的行动
•Detection