Generating the Endpoints with Threats on Last Scan Report

Hello. You have arrived at an outdated topic. Please click this link to be redirected to the updated Endpoint Protection Admin Guide.

To locate and manage detected threats from the last scan, you can generate the Endpoints with Threats on Last Scan report. This report shows threats by endpoint location. From the report, you can change the endpoint's policy, run a scan, create an override for a file, or restore a file from quarantine.

You can modify the report data as follows:

  • View all detected threats within a selected policy or group, which is helpful if you need to narrow search results to a specific set of endpoints.
  • Drill down to see the threats detected within a date range, which is helpful if you want to narrow the search results to a specific time period.

To generate the Endpoints with Threats on Last Scan report:

  1. From the Endpoint Protection console, click the Reports tab.
  2. From the Report Type drop-down menu, select Endpoints with Threats on Last Scan.

  3. To include deactivated and hidden endpoints in the report, select the Include deactivated and hidden checkbox. This is an optional step. 

  4. Click the Submit button.


    The report displays in the right panel, with the following options:
    • View and change the policy — To open the policy settings for that endpoint and change the settings, click the View link. Endpoints assigned to the Unmanaged policy have no View link because they are controlled at the endpoint level.
    • Launch scan — To initiate a scan and auto-quarantine threats, click the Broom icon on the far right.

  5. In the upper panel, click a hostname from the upper panel to view details about threats found on an endpoint in the bottom panel.

  6. From the bottom panel, you can perform one of the following actions on a selected threat:
    • Create override — To bypass Endpoint Protection and designate the file as Good (allow the file to run) or Bad (detect and quarantine the file), from the Command bar, click Create override. For more informaiton, see Applying Overrides to Files From Reports.
    • Restore from Quarantine — If the file is safe and you want to restore it to the original location on the endpoint, from the Command bar, click Restore from Quarantine.
  7. To show or hide additional data for the report, click a column header to display the drop-down menu, then select checkboxes to select, add, or remove columns. For more information about the descriptions of the data in the columns, see Sorting Data in Tables and Reports.
  8. For informaiton about how to download a report spreadhseet, see Downloading Report Spreadsheets.