Weird "Threat_Detected" threat name I can't seem to find to tune out.
I have on a couple of occasions received an email from ePO based on an automated response rule I actually wrote for VSE. It triggers on an unhandled malware detection.
I don't receive all details on the threat from the email which is normal, but based on the approximate time, I feel I should be able to find it in the threat event logs or AppControl observation applet. But alas, I cannot.
Here are the details I do have from the original email notification (sanitized):
ePolicy Orchestrator Notification
Response Name: AAP: Corp Malware detected and not handled
Event Type Name: Threat
Defined at: Corp
System Location: GlobalRoot\mypath
Description: Sends an e-mail notification when "Malware detected and not handled" events are received.
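One way to track down the event behind a notification like this, added here as an example and not part of the original post, is to query the ePO database directly instead of relying on the Threat Event Log view. The query below assumes the standard ePO EPOEvents table with its ThreatName, ThreatHandled, DetectedUTC, ReceivedUTC, ThreatEventID, AnalyzerName and TargetHostName columns, that the database is SQL Server (T-SQL), and that the notification arrived around the placeholder time in @approx; adjust the time and the threat name to match your own e-mail.

```sql
-- Added example (not the poster's or McAfee's code).
-- Assumes the standard ePO database schema (dbo.EPOEvents) on SQL Server.
-- @approx is a constructed placeholder for the time the e-mail was received.
DECLARE @approx DATETIME = '2024-01-15 14:00:00';

-- 1. Find the individual event(s) that would have matched the
--    "Malware detected and not handled" response rule around that time.
--    ReceivedUTC can lag DetectedUTC by an agent-to-server communication
--    interval, so search on ReceivedUTC with a generous window.
SELECT e.ReceivedUTC,
       e.DetectedUTC,
       e.ThreatEventID,
       e.ThreatName,
       e.ThreatHandled,
       e.ThreatActionTaken,
       e.AnalyzerName,
       e.AnalyzerDetectionMethod,
       e.TargetHostName,
       e.TargetFileName
FROM   dbo.EPOEvents AS e
WHERE  e.ThreatName = 'Threat_Detected'
       AND e.ThreatHandled = 0
       AND e.ReceivedUTC BETWEEN DATEADD(HOUR, -2, @approx)
                             AND DATEADD(HOUR,  2, @approx)
ORDER BY e.ReceivedUTC DESC;

-- 2. See which product and event ID actually generate the "Threat_Detected"
--    name over the last 30 days. Automatic Responses filter on ThreatEventID
--    and product, so this is the pair to use when tuning the rule rather than
--    the free-text threat name.
SELECT e.AnalyzerName,
       e.ThreatEventID,
       e.ThreatHandled,
       COUNT(*)          AS EventCount,
       MIN(e.ReceivedUTC) AS FirstSeen,
       MAX(e.ReceivedUTC) AS LastSeen
FROM   dbo.EPOEvents AS e
WHERE  e.ThreatName = 'Threat_Detected'
       AND e.ReceivedUTC >= DATEADD(DAY, -30, GETUTCDATE())
GROUP BY e.AnalyzerName, e.ThreatEventID, e.ThreatHandled
ORDER BY EventCount DESC;
```

If the first query returns rows but the console's Threat Event Log does not show them, the usual culprit is the log view's default time or product filter rather than a missing event; if it returns nothing at all, the event was not stored in EPOEvents with that threat name, and the second query's AnalyzerName/ThreatEventID breakdown is the better starting point for adjusting the response rule's filter.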