Advanced file analysis transaction

What does an advanced file analysis transaction look like?

  1. An end user browses to a website and explicitly or implicitly downloads a file.
  2. The URL is not categorized as “malicious” and Security Threats: File Analysis does not find the file to be malicious.
  3. The file is delivered to the requester.
  4. However, the file fits the Forcepoint Security Labs profile for suspicious files and is sent to the selected location for analysis.
  5. The file is analyzed.
  6. If the file is found to be malicious, a malicious file detection message is sent to the configured alert recipient. The alert email includes links to provide additional detail and to an investigative report created from your log records (examples below).
  7. Upon receipt of the message, administrators should:
    1. Access and evaluate the Advanced File Analysis report. See Advanced File Analysis report for information about using that report.
    2. Examine the investigative report for the incident.
    3. Assess the impact of the intrusion on their network.
    4. Plan and begin remediation.
  8. If the File Sandbox option was selected:
    1. Forcepoint Advanced Malware Detection for Web updates Forcepoint ThreatSeeker Intelligence with information about the file, the source URL, and the command and control targets.
    2. Forcepoint ThreatSeeker Intelligence updates the Forcepoint URL Database, ACE analytic databases, and other security components, which are then pulled by web protection deployments.
    3. The next time someone tries to browse the site, they and the organization are protected by their Forcepoint Web Security deployment.
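Because the file is delivered (step 3) before the sandbox verdict arrives (step 6), the impact assessment in step 7 needs to find every client that received the same file in the meantime. The Python script below is an added example, not part of the Forcepoint documentation; it runs that retrospective check over constructed proxy log lines, and the log format, field names, hashes and alert fields are assumptions, not Forcepoint's own formats.

```python
import re
from collections import defaultdict

MAL_SHA256 = "aa11" * 16    # constructed hash of the file the sandbox later flagged
OTHER_SHA256 = "bb22" * 16  # constructed hash of an unrelated download

# Constructed proxy log (assumed layout): timestamp client_ip user url status sha256
PROXY_LOG = f"""\
2024-05-01T09:12:03Z 10.1.4.22 alice http://downloads.example.test/update.exe 200 {MAL_SHA256}
2024-05-01T09:14:51Z 10.1.4.37 bob http://downloads.example.test/update.exe 200 {MAL_SHA256}
2024-05-01T09:20:10Z 10.1.5.8 carol http://mirror.example.test/other.zip 200 {OTHER_SHA256}
2024-05-01T11:02:44Z 10.1.4.22 alice http://downloads.example.test/update.exe 200 {MAL_SHA256}
2024-05-01T11:30:00Z 10.1.6.91 dave http://cdn.example.test/update.exe 200 {MAL_SHA256}
2024-05-01T12:00:00Z 10.1.7.5 erin http://downloads.example.test/update.exe 403 -
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")


def parse_proxy_log(text):
    """Yield one record per well-formed log line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, ip, user, url, status, sha = m.groups()
            yield {"ts": ts, "ip": ip, "user": user, "url": url,
                   "status": int(status), "sha256": sha}


def exposed_clients(alert, log_text):
    """Map client_ip -> sorted timestamps at which the flagged file reached it.

    A record matches on hash (same file served from any URL) or on the alert's
    source URL, and only counts as a delivery when the proxy answered 2xx.
    """
    hits = defaultdict(list)
    for rec in parse_proxy_log(log_text):
        delivered = 200 <= rec["status"] < 300
        same_file = rec["sha256"] == alert["sha256"] or rec["url"] == alert["url"]
        if delivered and same_file:
            hits[rec["ip"]].append(rec["ts"])
    return {ip: sorted(ts) for ip, ts in hits.items()}


# Constructed alert content (assumed fields): hash and source URL of the flagged file
ALERT = {"sha256": MAL_SHA256, "url": "http://downloads.example.test/update.exe"}

if __name__ == "__main__":
    for ip, times in sorted(exposed_clients(ALERT, PROXY_LOG).items()):
        print(f"{ip}: {len(times)} delivery(ies), first {times[0]}, last {times[-1]}")
```

The hash match is what catches dave's copy from a different URL, and the 403 line shows why a blocked request is not counted as a delivery.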