Each Care Portal customer account will have a Security tab, as seen in the illustration below. The Security tab will record instances of detected malware, intrusions, and vulnerabilities on the customer's network.
When malware has been identified on a network, the record of the detection will be listed under the Detected Malware section.
Minim uses current threat feeds to identify known Command & Control servers and the latest malware. We then use that information to help alert users when they may have been compromised. Minim does not triage security incidents unless they are severe enough to spread across other devices/networks. Minim will notify you of this, and you must seek professional help to remove the infection.
It is also possible that detected malware is a "false positive". This can happen when there is not enough information to make an assessment. When malware is detected but Minim is unable to gain information about the host, a false positive may be reported.
Minim fingerprints each device and looks at traffic destinations. We compare the device type and the destinations with what we know to be or have been the control servers for that piece of malware to make an assessment as to whether malware is actually detected.
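The comparison described above can be illustrated with the following added example, which is not Minim's code. The feed entries, device-type names, verdict labels and sample traffic are all constructed assumptions; it shows why a flow to a known control server from a device that could not be fingerprinted is the case most likely to be a false positive.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed feed: known C2 destination -> malware family and the device
# types it is known to infect. Family names are made up; IPs are from the
# RFC 5737 documentation ranges.
THREAT_FEED = {
    "203.0.113.10": ("ExampleBot-A", {"ip_camera", "router"}),
    "198.51.100.7": ("ExampleStealer-B", {"windows_pc"}),
}

@dataclass(frozen=True)
class Flow:
    mac: str
    device_type: Optional[str]  # None = device could not be fingerprinted
    dest_ip: str

def assess(flow: Flow) -> Optional[tuple]:
    """Return (mac, malware, verdict) if the destination is a known C2, else None."""
    hit = THREAT_FEED.get(flow.dest_ip)
    if hit is None:
        return None
    malware, targets = hit
    if flow.device_type is None:
        verdict = "unconfirmed"  # no host information: false-positive risk
    elif flow.device_type in targets:
        verdict = "likely"       # destination and device type both match
    else:
        verdict = "unlikely"     # this device type is not a known target
    return (flow.mac, malware, verdict)

def summarize(flows) -> dict:
    """Count detections per (mac, malware, verdict): the 'how often' figure."""
    return dict(Counter(a for a in map(assess, flows) if a is not None))

# Constructed sample traffic (MAC addresses are placeholders).
SAMPLE = [
    Flow("00:00:5e:00:53:01", "ip_camera", "203.0.113.10"),
    Flow("00:00:5e:00:53:01", "ip_camera", "203.0.113.10"),
    Flow("00:00:5e:00:53:02", None, "198.51.100.7"),
    Flow("00:00:5e:00:53:03", "smart_tv", "198.51.100.7"),
    Flow("00:00:5e:00:53:03", "smart_tv", "192.0.2.44"),  # not in the feed
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(key, count)
```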
Learning more about a detection
When malware is detected, Minim provides information about the malware, which device is at risk, and when the malware was detected.
Here is an example of detected malware:
On the left side of the malware listing, you will see a severity rating. If you hover over it, you will be provided with information relating to the rating.
If you click on the description of the detected malware, a pop-up will appear to provide you with a full description. There is also a link to an outside source to provide additional information regarding the malware.
If you click on the arrow to the far left of the detected malware, more information will be revealed. You will be able to determine which device on the network may be at risk, its MAC address, IP address, hostname, when the malware was detected, and how often it has been detected.
To view more information about the device at risk, click on the link in blue. A pop-up will appear containing additional information about the device to further identify it.
To remove the detected malware from the list, click one of the following buttons, located to the right of the listing. False Positive will prevent future alerts about this detected malware, thus clearing the alert. Resolved will mark the malware detection as corrected, or fixed. This will also clear the alert.
When a potentially unauthorized device accesses the network, it is marked as a detected intrusion. Detected intrusions aren't always bad. They serve as a useful tool for seeing which devices are trying to connect to a network.
If a device is authorized to be on the network, click the Known device button. This will mark it as a recognized device.
If a device should not have authorized access to the network, click the Pause device button. This will stop the device from connecting to the network. This action can be reversed by clicking the Unpause device button. Once a device is paused, you can also remove it from your list by clicking Clear alert.
Any potentially exploitable security issues that have been found on devices or operating systems on your network will be listed here. Read more to learn how to better protect your network.