All Info related to that case collected on own site. This is rather important BECAUSE we heard that Raptor will be Parts of VSE 10. So things hsould be cleared up before that release.
please find your questions and our Back office answers below:
a) Something is isolated
Answer : No nothing is isolated.
b) Something is blocked
Answer : No nothing is blocked.
c) We assume that raptor Module is used by EI-Agent to determine if EXE on client is bad/good nothing. Raptor.exe USED by EI-Agent WILL NOT BLOCK/ISOLATE/TRY-TOSTOP anything?
Answer : Raptor is only used for detecting malicious activity and to identify an executable that is responsible for this. It does not classify an exe as good or bad or unknown. No blocking.
d) As mentioned in the Mcafee Blog where mcafee recommends the EI-Agent as solutuion for finding Locker Malware EXE on clients IT SAYS it will MONITOR/REPORT only
Answer : EIA with ePO can be used for reporting number of connections from an executable with other information like MD5, absolute path and also the malware risk score for each of the executables.
e) Why does the EPO then show the THREAT Event?
Answer : Threat event is shown for reporting alone. For alerting the admin.
Please let me know in case of open questions or if I can assist you in any way.
With kind regards,
Technical Support Engineer