Posted by Remote Management Staff
Remote Management Staff

Endpoint Protection - New threat handling behavior

Hello, 

During the past 5 years, we have learned a lot from our customers on how they want to work with a remotely managed Endpoint Protection solution. Today we release an important step to overhaul the way customers will work with threats for TeamViewer Endpoint Protection. 

  • We do not create duplicate threats

When a new threat is detected and the engine is not able to resolve it only one RED threat is created even if another scan will detect it again. The RED state is valid for the following statuses: 

  • Infected
  • Delete at reboot
  • Suspicious
  • Unknown

Before we used to create a new threat after each scan, thus creating many duplicating active threats. 

  • A new way to handle Threat priority and statuses

We reworked the Acknowledgement system (YELLOW states) so that working with a large number of detected threats is easier for administrators. 

We simplified the system with the following states: 

  1. RED state - the threat was detected but not resolved. ( infected, delete at reboot, suspicious, Unknown) 
  2. Gray state 1 - the threat was detected and resolved by the engine (disinfected, deleted, quarantined, deleted at reboot)
  3. Gray state 2 - the threat was detected and not resolved by the engine (RED state) and the administrator investigated it, removed it, and marked it as acknowledged in the threat view form the Management Console.

 

With these 2 changes, we will reduce greatly the amount fo work needed to maintain and have a clear overview of the managed devices. The next step for this change will be a new User experience and interface for the threat view. If by reading this you got interested in the redesign of the user experience for the threat view please write me a private message and we could show you early design prototypes and you will have an ability to give early feedback and influence the final design. 

 

 

Product Owner, Remote Management services.