Deal with exploits
This is what happens when we detect an exploit.
If you know a detection is a false positive, see Deal with false positives.
When an exploit is detected, the following things happen:
- The exploit is stopped.
- The user is notified.
- A scan starts to clean up threats.
- A threat graph is generated.
What you should do
Go to Overview > Threat Analysis Center > Threat Graphs and review the graph details to find out where the attack started, how it spread, and which processes or files it affected.
Often a user has downloaded or authorized an application that gave an attacker access. To avoid this, give users training in safe browsing.