Checking scan results and managing threats



Hello. You have arrived at an outdated topic. Please click this link to be redirected to the updated Endpoint Protection Admin Guide.

From Group Management, you can view the scan history of endpoints and manage any detected threats. You can restore a file from quarantine if you know it is legitimate (see Restoring a file from quarantine). You can also reclassify a file as "Good" (allowed to run) or "Bad" (auto-quarantined), as described in Setting an override for the file.

Viewing the scan history

You can view a scan history for endpoints from the Group Management panel, which helps you determine where threats were found.

To view the scan history:

  1. Click the Group Management tab.
  2. From the Groups panel on the left, select a group with the desired endpoints.
  3. From the Endpoints panel on the right, select one of the endpoints.
    The Scan History panel opens, showing scan activity and any threats detected on the endpoint.
    Note: If the pathname where a threat was identified includes a drive letter, the letter is masked with a question mark. For example, you might see a pathname similar to the following: ?:\users\user1\desktop.
  4. If desired, you can show or hide additional data about the endpoint and the scan history. Click a column header to open the drop-down menu, then click in the checkboxes to select the columns to add or remove. For descriptions of the data in the columns, see Sorting data in tables and reports.
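
Because the drive letter is masked as described in the note in step 3, a path copied from the Scan History panel cannot be compared directly with paths collected on the endpoint. The following is an added example, not part of the product or the original guide: the function names and the sample paths are constructed for illustration, and it assumes only the "?:" mask form shown in the note.

```python
import re

# The console shows "?:" where the drive letter was (per the note in step 3).
_MASKED = re.compile(r"^\?:(?=\\|$)")
_DRIVE = re.compile(r"^[a-z]:(?=\\|$)")

# Constructed sample: paths gathered from an endpoint by some other tool.
SAMPLE_PATHS = [
    r"C:\Users\user1\Desktop\invoice.exe",
    r"D:\users\user1\desktop\invoice.exe",
    r"C:\Users\user10\Desktop\notes.txt",          # sibling folder, must not match
    r"\\fileserver\users\user1\desktop\invoice.exe",  # UNC, no drive letter
    "E:/Users/User1/Desktop",
]


def _normalize(path):
    """Comparison form: backslashes, lower case, no trailing separator."""
    return path.strip().replace("/", "\\").lower().rstrip("\\")


def mask_drive(path):
    """Comparison form of a real path with its drive letter replaced by '?'."""
    return _DRIVE.sub("?:", _normalize(path))


def match_masked(masked, candidates):
    """Group candidates that equal, or sit under, the masked console path.

    The result is keyed by drive letter because the mask hides which volume
    the detection came from. UNC paths carry no drive letter and are skipped.
    """
    target = _normalize(masked)
    if not _MASKED.match(target):
        raise ValueError("expected a console path starting with '?:'")
    hits = {}
    for cand in candidates:
        norm = _normalize(cand)
        if not _DRIVE.match(norm):
            continue
        shown = mask_drive(cand)
        # Compare whole path components so "user1" does not match "user10".
        if shown == target or shown.startswith(target + "\\"):
            hits.setdefault(norm[0].upper(), []).append(cand)
    return hits


if __name__ == "__main__":
    found = match_masked(r"?:\users\user1\desktop", SAMPLE_PATHS)
    for drive, paths in sorted(found.items()):
        print(drive, paths)
```

More than one drive letter in the result means the masked path alone does not identify the volume, so confirm the location on the endpoint before restoring a file or setting an override.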

Restoring a file from quarantine

You can restore a file from quarantine from the Scan History panel (as described below) or from the All Threats Seen report (see Generating the All Threats Seen report). The file is automatically returned to its original location on the endpoint.

To restore a file:

  1. View the scan history for a particular endpoint, as described previously in this section.
  2. In the Scan History panel, locate the file by either clicking View in the Status column for the date when the threat was detected or by clicking View all threats seen on this endpoint.
  3. In the dialog that opens, select a file by clicking on its checkbox.
  4. Click Restore from Quarantine.
    The file returns to its original location on the endpoint.

Setting an override for the file

You can set an override for a file from the Scan History panel (as described below) or from the Overrides tab (see Applying overrides from the Overrides tab).

To set an override:

  1. View the scan history for a particular endpoint, as described previously in this section.
  2. In the Scan History panel, locate the file by either clicking View in the Status column for the date when the threat was detected or by clicking View all threats seen on this endpoint.
  3. In the dialog that opens, select a file in the list.
  4. Click Create override.
    A dialog opens.
  5. Open the Determination drop-down menu by clicking the arrow to the right of the field. Select one of the following:
    • Good: Always allow the file to run.
    • Bad: Always send the file to quarantine.
  6. You can apply this override globally or to an individual policy, as follows:
    • To apply the override to all policies, keep the Apply the override globally checkbox selected.
    • To select an individual policy for the override, deselect the checkbox. When the Policy field appears, click the drop-down arrow to the right of the field and select a policy.