search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.77k stars 8.17k forks source link

[Enhancement] No option in advanced settings to prevent the file from being quarantined #92780

Closed muskangulati-qasource closed 3 years ago

muskangulati-qasource commented 3 years ago

Description No option in advanced settings to prevent the file from being quarantined

Build Details:

Version: 7.12.0 BC2
Commit: 4f65a5a1268fa78f1af9117d12312e1cee433376
Build number: 39000
Artifact: https://staging.elastic.co/7.12.0-37f40745/summary-7.12.0.html

Browser Details: All

Preconditions:

  1. Cloud environment for 7.11.0 should exist.
  2. Endpoint should be installed with Security Integration

Steps to Reproduce:

  1. Navigate to the Administration tab under Security.
  2. Click on the Policy name
  3. Scroll down to find the advanced settings
  4. Observe there is no advanced setting to prevent the ransomware file from being quarantined.

Impacted Test case: N/A

Actual Result: No option in advanced settings to prevent the file from being quarantined

Expected Result: There should be an option in advanced settings to prevent the file from being quarantined

What's working: N/A

What's not working: N/A

Screenshot quarantineRansomware

muskangulati-qasource commented 3 years ago

@deepikakeshav-qasource please review!

ghost commented 3 years ago

Reviewed and assigned to @kevinlog

kevinlog commented 3 years ago

@ferullo does the existing setting turn off all quarantine capabilities or is it just for malware?

ferullo commented 3 years ago

Ransomware is not quarantined on prevention so no advanced option to disable it is relevant.