Advanced file analysis alert messages and reports

When a malicious file has been detected, a plain-text alert email is sent to the configured administrator.

Important: To receive alerts about files found to be malicious by advanced file analysis, you must enable and configure email or SNMP alerts.

In the body, the User field includes the user name only if user authentication was used to identify the client. Otherwise, the client IP address appears in the field.

Two links are included.

  • The first links to a detailed report on the file and its malicious contents, either in the cloud or on the appliance. (You may first be prompted for logon credentials.)
    Note: If Forcepoint Advanced Malware Detection was installed using a hostname, the link will work only if the hostname is resolvable on the network.
  • The second launches an investigative report, using your log records, for the time period in which the file download occurred.
    • Depending on your browser, you may have to enable popups to allow the report to be displayed.
    • You may receive the advanced file analysis alert message before Forcepoint Web Security has written all of the transaction records in the Log Database. Periodically refresh the report to include pending records.