Using Application Behavior Investigation on the Remote Agent

The application behavior investigation process on the remote agent is a nonintrusive mechanism. The agent continues to function normally while all normal agent interaction occurs. The only difference is that while an investigation is running on the selected agent, all interaction regarding the application being monitored is logged for further reporting and investigation at the central management console after the job is concluded.

The sample investigative process for this scenario watched winword.exe. During the time the job was running on the selected agent system, the application was fully tested by an individual and has all the desired functions, including reading and writing files ...

Get Cisco Security Agent now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.