Generating the Threat History (Collated) Report

Hello. You have arrived at an outdated topic. Please click this link to be redirected to the updated Endpoint Protection Admin Guide.

To view a summary of detected threats, you can generate the Threat History (Collated) report. This report shows a bar chart for endpoints with detected threats and blocked programs. From here, you can create overrides for blocked programs and restore files from quarantine.

Note: To view a summary of threats, see Generating the Threat History (Daily) Report. The Threat History (Daily) report is just a summary; you cannot manage threats from that report.
You can modify the report data as follows:
  • View all threats within a selected policy or group, which is helpful if you need to narrow search results to a specific set of endpoints.
  • Drill down to see the threats detected within a date range, which is helpful if you want to narrow the search results to a specific time period.

To generate the Threat History (Collated) report:

  1. From the Endpoint Protection console, click the Reports tab.
  2. From the Report Type drop-down menu, select Threat History (Collated).

  3. If needed, select a specific policy or group. If you do not select a policy or group, the report data shows all policies and groups, and, depending on your environment, may take a long time to generate.

  4. In the Between and And fields, enter a start and end date for the report data.

  5. To include deactivated and hidden endpoints in the report, select the Include deactivated and hidden checkbox. This is an optional step.

  6. Click the Submit button.

    The report displays in the right pane.

  7. From this panel, click one of the bars to view more details about Endpoints with threats or Blocked Programs.
    If you click the Blocked Programs bar chart, the bottom panel shows details about the programs.

  8. From the bottom pane, click the View links in the All Endpoints and All Versions column to view more information.
    The View link under All Endpoints displays this panel.

    The View link under All Versions displays this panel.

  9. To set an override for the file or restore it from quarantine, select the Endpoints with threats bar to display more information in the bottom panel.

  10. Locate the row for the endpoint that has the blocked program and select the View link in the Blocked Programs column to open the following dialog:

  11. Select either or both of the following:
    • Create override — To bypass Endpoint Protection and designate the file as Good (allow the file to run) or Bad (detect and quarantine the file), from the Command bar, click Create override. For further instructions, see Applying Overrides to Files From Reports.
    • Restore from Quarantine — If the file is safe and you want to restore it to the original location on the endpoint, from the Command bar, click Restore from Quarantine.
    You can also select whether you want to apply this override to all policies or selected policies, so you don't need to create this override again on other endpoints.
  12. To show or hide additional data for the report, click a column header to display the drop-down menu, then select checkboxes to select, add, or remove columns. For more information about descriptions of the data in the columns, see Sorting Data in Tables and Reports.