The detection monitoring feature allows you to carry out searches of your network to know when your computers have been in danger, what types of threats have been detected, and which action was taken against them.
Use the Options menu to enable a filter that will let you look for computers depending on the group and/or subgroup to which they belong and the type of detection.
Select the type of threat detected or the source of the detection. You can also select All detections.
Click Find.
The Computer column shows the list of scanned computers, presented either by their name or their IP address. If you want to change the way they are presented, you can do this from Preferences > Default view.
The Group column indicates the group to which the computer belongs. The full path of the group is only displayed in the tooltip, and in the Excel and CSV files obtained after exporting the data displayed in the console.
The Name column indicates the name of the threat, and the Type column provides information about the type of threat and/or blocked device (USB flash drives, CD/DVD drives, Bluetooth, image devices, etc.). In the case of URLs, the solution specifies if it is a malware or phishing URL.
Instances indicates the number of times the detection was made.
Finally, Action indicates the action taken to neutralize the attack, and in Date you can see the date and exact time when the threat was detected.
The list of detections shows the items detected over the last seven days.
As a general rule in the List of detections window, when you place the mouse pointer on any of the items in the search list, a yellow tag will appear with information about the item.
Finally, you can get more details about detections. Click the [+] symbol next to the name or the IP address of any of the computers, and you will go to the Detection details window.
Detections made by the background scans of the Exchange Server protection (on Exchange 2007/Exchange 2010 servers) will appear as “Notified by: Intelligent mailbox scan”.
On Exchange 2003 servers, it is not possible to differentiate between items detected by the background scan and those detected by other types of scans. They will appear as “Notified by: Exchange Server Protection”.
In some cases, you will be able to access information about certain threats on the vendor's website. To do this, click View description.
The information displayed in the List of detections window for Linux and OS X computers is the same as for Windows computers.
The list of detections made can be exported either to Excel or CSV format. To do this, click the relevant icon next to Export to.
Both formats include a header which specifies the date and time when the file was created, a summary of the search criteria, and the details of the list, including the source IP address of the infection(s).
Exported files will display the full path of the group (All\group1\group2).
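For offline triage of an exported CSV file, the following added example (not part of the product documentation) skips the file header, totals detections per group using the full group path, and lists the computers with the most detections. The header wording, column names, comma delimiter and all sample values are assumptions built from the columns described above; adjust them to match a real export.

```python
import csv
import io
from collections import Counter

# Constructed sample export. The preamble wording, column names, delimiter and
# every value are assumptions; adjust them to match a real exported file.
SAMPLE = r"""Created: 2024-01-08 10:15
Search criteria: All detections

Computer,Group,Name,Type,Instances,Action,Date,Source IP
PC-01,All\Sales\Field,Sample.Threat.A,Virus,3,Deleted,2024-01-05 09:12,10.0.0.5
PC-01,All\Sales\Field,http://phish.example/login,Phishing URL,1,Blocked,2024-01-06 14:40,
SRV-02,All\Servers,Sample.Threat.B,Virus,2,Quarantined,2024-01-06 02:03,10.0.0.9
192.168.1.44,All\Sales\Office,USB flash drive,Blocked device,4,Blocked,2024-01-07 11:30,
"""

def parse_export(text, first_column="Computer"):
    """Skip the file header (creation date, search criteria) and return rows as dicts."""
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if line.split(",")[0].strip() == first_column:
            return list(csv.DictReader(io.StringIO("\n".join(lines[i:]))))
    raise ValueError("column header row not found")

def instances_by_group(rows, depth=2):
    """Sum Instances per group, truncating the full group path to `depth` levels."""
    totals = Counter()
    for row in rows:
        prefix = "\\".join(row["Group"].split("\\")[:depth])
        totals[prefix] += int(row["Instances"])
    return dict(totals)

def computers_over(rows, threshold):
    """Computers (name or IP address) whose total detections reach the threshold."""
    totals = Counter()
    for row in rows:
        totals[row["Computer"]] += int(row["Instances"])
    return sorted(c for c, n in totals.items() if n >= threshold)

if __name__ == "__main__":
    rows = parse_export(SAMPLE)
    print(instances_by_group(rows))
    print(computers_over(rows, 4))
```

Because the console list covers only the last seven days, running a script like this on each export is one way to keep a longer history of detections per group.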