Kandji EDR: Changes to Rechecking Threats, User Notifications

We have introduced a new workflow for rechecking a threat’s status with Kandji EDR. You can now manually recheck whether or not a previously detected threat is still present at its original file path location when the Malware or PUP posture modes are in Detect mode. If the threat is no longer at the specified file path, its threat status will change to Resolved.

We’ve also changed status reporting for threats that are (a) detected when the Malware or PUP posture modes are in Detect mode and (b) then deleted locally on the device.  The status of such threats will now change from Not quarantined to Resolved when you elevate the Malware or PUP posture to Protect mode. The same applies when the device is assigned a new Blueprint containing an Avert Library Item in which the Malware or PUP posture modes are in Protect mode. For more details on rechecking a threat’s status, see our support article. 

Finally, we have introduced a new configuration option in the Avert Library Item that allows you to optionally turn on end-user alerts, to inform those users when Kandji EDR has quarantined Malware or PUPs on their Mac computers. For more details on configuring end-user alerts, see our support article.