I’m running 11:28.24 and don’t initially mind if a suspicious file is identified. However if,after due investigation, I am satisfied that the identified file is okay, is there a way of marking to file ‘good’ so that the same suspicious file is not reported over and over again and thus risking the ‘cry wolf’ scenario?
File Activity Anomaly Alert
• Description: A suspicious file
Monitoring Criteria: (Event Code equals to 7:211|7:212|7:293|7:269|14:325|69:52)