Deal with exploits

This is what happens when we detect an exploit.

If you know a detection is a false positive, see Deal with false positives.

When an exploit is detected, the following things happen:

  • The exploit is stopped.
  • The user is notified.
  • A scan starts to clean up threats.
  • A threat case is generated.

What you should do

Go to Threat Analysis Center > Threat Cases and review the case details to find out where the attack started, how it spread, and which processes or files it affected.

Often a user has downloaded or authorized an application that gave an attacker access. To avoid this, give users training in safe browsing.