Viewing recent threat status



Hello. You have arrived at an outdated topic. Please click this link to be redirected to the updated Endpoint Protection Admin Guide.

From the Status tab, you can quickly view endpoints that reported a threat in the past week.

To view endpoints encountering threats in the past week:

  1. Make sure the Status tab is selected.
    The bar chart at the top shows a daily summary of threats found on endpoints. The table at the bottom of the panel shows more details about the endpoints.
     
  2. To learn more about a threat, locate the threat in the row, and in the Blocked Columns column, click the View link.
    The Blocked Programs view displays.


    Note: For more information on Dwell Time, see About Dwell Time.
  3. To show or hide additional data about the recently infected endpoints in the bottom panel, click a column header to open the drop-down menu, then select checkboxes to add columns or deselect checkboxes to remove columns.
  4. For descriptions of the data in the columns, see Sorting data in tables and reports.
  5. For additional information on any risks posed by threats and undetermined file types, click on any file name.
    The system displays the File Intelligence view.




    The various aspects of this view are described in the following table.
    FIELD NAMEDESCRIPTION
    Determination Hover the mouse over the determination to display agent, rule, and cloud informaiton.
    Global Popularity Displays information on the first time (FS) the file has been seen by WIN and also its global popularity, that is, how much it has been seen by others.
    Google Product/Vendor Links Click the link to access additional information about the file. This can be useful when the admin is unsure about the classificaiton.
    Create Override Click the button to override the file for white- or blacklisting purposes.
    Console Popularity Displays how many times the file has been seen within the console and when.
    Console Dwell Time Displays how many times the file has been seen within the console and for how long. 
    Endpoint Dwell Time Displays how long the file has been seen on the device in question.
  6. For more details about threats and further options, you can generate the Endpoints with Threats on Last Scan report. From this report, you can change the endpoint's policy, run a scan, create an override for a file, or restore a file from quarantine. See Generating the Endpoints with Threats on Last Scan report.