Collecting Malware Info
=======================

When running, the Agent collects information about executable files on the
endpoint, including but not limited to their source, file have, and signatures.
The information collected may be provided to a vendor or third party for
analysis.The information collected is not provided for any purpose other than
malicious code detection and analysis.

- Detection results are provided in real time.
- Results may differ from similar solutions. User/ Administrator is
  responsible for actions taken in response to the results.

#. Go to **Policy** in the top panel.
#. Go to **Policy > Node Policy > Agent Action** in the left Policy panel.
#. Find and click **Collect Malware Information** in the Agent Action window.
#. Enter in **CWP message**, **Conditions**, based
   off of your network requirements.

Under **Consent Agreement** section:

#. Select **I Agree** from the drop down to consent to sharing endpoint data
   for threat analysis.

Under **Collection Exceptions** section:

#. List directories to exempt from data collection. Commonly exempted sections
   include antivirus quarantine folders, or other directories where known
   malicious files may be stored.

#. Click **Update.**

To Apply this Agent Action to a Node Policy:

#. Go to **Node Policy** in the left Policy panel.
#. Click the **[Desired Node Policy]** in Node Policy window.
#. Find **Agent Action**. Click **Assign.**
#. Find **Collect Malware Information** in the **Available** section. Select
   and drag it into
   the **Selected** section.
#. Click **Add.**
#. Click **Update.**