Analyzing behavior on user workstations

SES Evolution can run scans on user workstations, in particular searches for binary or textual patterns with the Yara tool and searches for indicators of compromise (IoC). These scans, which can run as background tasks or be triggered when a particular event occurs, detect malicious or suspicious behavior so that you can react quickly when a confirmed attack occurs.

Quarantined files are excluded from scans.

For these scans to run, the Yara scan and IoC scan features must be enabled in the agent group configuration. For more information, see Scheduling Yara scans and Scheduling IoC scans.