View Threats

The View Threats page displays threats you can take action on. Threats are grouped by their status on two different tabs:

  • Current Threats - Lists threats discovered on machines where the threat could not be automatically healed. Each unhealed threat remains unchanged on the machine, requiring administrator action. Deleting a threat on the Current Threats tab deletes the file immediately, without moving the file to the Virus Vault.
  • Virus Vault - Threats are discovered by a scan or by the resident shield. Healing the threat replaces the original file with a healed copy. The original, unhealed file is moved to a hidden partition on the computer hard drive called the Virus Vault. In effect, the Virus Vault acts as a kind of "recycle bin" for threats, allowing you to recover them before deleting them permanently from machines.

Healing

Healing involves the following steps:

  1. An attempt is made to clean the file.
  2. If that fails, an attempt is made to move the file to the Virus Vault.
  3. If that fails, an attempt is made to delete the file.
  4. If that fails, the file remains unchanged on the machine and is listed in the Current Threats tab of the View Threats page.

MS Exchange Server Threats

Any malware detected by MS Exchange Server email protection is immediately deleted from the MS Exchange Server and displays only on the Virus Vault tab.

Current Threats

The Current Threats tab provides you with the following actions:

  • Heal - Attempts to heal a file without deleting it. Healed threats are removed from the Current Threats tab and display in the Virus Vault tab.
  • Delete - Attempts to delete a file. Deleted threats are deleted from the computer immediately.

    Note: If both healing and deletion fail, it may mean the file is open. Kill any processes keeping the file open and try to delete the file again.

  • Cancel Pending Operation - Cancels any of the other actions, if they have not yet been completed.
  • Add to PUP Exclusion List - Selected threats are added to the exclusion list for the profile assigned to the machine they were found on. Exclusion means the file is no longer scanned as a potential threat on all machines assigned this profile. Only perform this action if you're certain the file is safe to use. The entire PUP Exclusion List is maintained using the Define Profile > PUP Exclusions tab.

Virus Vault

The Virus Vault tab provides you with the following actions:

  • Restore - Restores the original file identified as a threat. Only perform this action if you're certain the file is safe to use.
  • Delete - Deletes the original file identified as a threat from the Virus Vault.

    Note: You cannot recover a file deleted from the Virus Vault.

  • Cancel Pending Operation - Cancels any of the other actions, if they have not yet been completed.
  • Add to PUP Exclusion List - Selected threats are added to the exclusion list for the profile assigned to the machine they were found on. Exclusion means the file is no longer scanned as a potential threat on all machines assigned this profile. Only perform this action if you're certain the file is safe to use. The PUP Exclusion List is maintained using the Define Profile > PUP Exclusions tab.

Apply Filter / Reset Filter

Click Apply Filter to filter the rows displayed by the text entered in the Machine.Group, Threat Path or Threat Name fields. Time filtering and Action sorting occur immediately. Click Reset Filter to display all rows of data.

Filter Fields

Filter the display of threats using text fields, a date range and/or drop-down lists. Include an asterisk (*) wildcard with the text you enter to match multiple records.

  • Machine.Group - Filter by the machine ID.group ID of the managed machines reporting threats.
  • Threat Path - Filter by pathname location of files on managed machines with reported threats.
  • Time - Filter by a range of dates and times the threats were last detected. Time filtering occurs immediately.
  • Threat Name - Filter by the name of the threat, as designated by the anti-malware definitions used to detect a threat.
  • Category - Filter by the type of threat reported. Select All OFF or All ON to enable or disable all categories.
  • Actions - Filter by pending or completed actions taken against view threat records. Select All OFF or All ON to enable or disable actions. Action sorting occurs immediately.