Analyzing behavior on user workstations

SES Evolution makes it possible to run scans on user workstations, in particular searches for binary or textual schemas with the Yara tool, and searches for indicators of compromise (IoC). These scans, which can run as background tasks or are triggered when a particular event occurs, make it possible to detect malicious or suspicious behavior. This allows you to react quickly when a proven attack occurs.

Quarantined files are excluded from scans.