Skip to main content

What to do in case of suspicious activity

Suspicious activity on an endpoint can be a sign of potential security threats, malware infections, or unauthorized access. To protect your data and system integrity, it's essential to know how to respond effectively. This article outlines the steps to take when you encounter suspicious activity on an endpoint.

  1. Recognize suspicious activity

    Before taking action, you need to be able to identify what constitutes suspicious activity. Common signs include:

    • Unusual system behavior: frequent crashes, slow performance, or unexpected error messages.

    • Unfamiliar processes or programs: unknown applications running in the background.

    • Unauthorized access: suspicious logins, changes to user accounts, or failed login attempts.

    • Unusual network activity: unexplained data transfers, outgoing connections, or high network usage.

    • Unexpected pop-ups or warning messages, especially those requesting sensitive information.

    • Changed or deleted files, specifically data alterations or missing files without user intervention.

  2. Isolate the endpoint

    As soon as you suspect suspicious activity, disconnect the endpoint from the network. This will prevent any potential malware from spreading and causing further damage.

  3. Scan for malware

    Perform a full system scan to that system. Ensure your antivirus definitions are up to date before running the scan.

  4. Change your credentials

    If there is any indication that unauthorized access has occurred, change your passwords immediately, especially for sensitive accounts like email and administrative access.

  5. Report the incident

    Report the incident to Bitdefender Enterprise Support by opening a case to investigate further the situation encountered, providing the details noticed on that system along with screenshots, samples of the suspicious files, BdSysLog and Support Tool log.

  6. Strengthen security measures

    After resolving the issue, take steps to strengthen your endpoint security to prevent future incidents. This may include implementing stronger passwords, enabling multi-factor authentication, and keeping your software and operating system up to date.

Recognizing and responding to suspicious activity on an endpoint is critical in safeguarding your data and maintaining the security of your system. Always stay vigilant and proactive when it comes to endpoint security.