From Group Management, you can view the scan history of endpoints and manage any detected threats. You can restore a file from quarantine if you know it is legitimate (see Restoring a file from quarantine). You can also reclassify a file as "Good" (allowed to run) or "Bad" (auto-quarantined), as described in Setting an override for the file.
Viewing the scan history
You can view a scan history for endpoints from the Group Management panel, which helps you determine where threats were found.
To view the scan history:
1. Click the Group Management tab.
2. From the Groups panel on the left, select a group with the desired endpoints.
3. From the Endpoints panel on the right, select one of the endpoints as shown in the following example.
The Scan History panel opens, showing scan activity and any threats detected on the endpoint.
Note: If the pathname where a threat was identified includes a drive letter, the letter is masked with a question mark. For example, you might see a pathname that looks similar to the following: ?:\users\user1\desktop.
If desired, you can show or hide additional data about the endpoint and the scan history. Click a column header to open the drop-down menu, then select or clear the checkboxes for the columns you want to add or remove. For descriptions of the data in the columns, see Sorting data in tables and reports.
Restoring a file from quarantine
You can restore a file from quarantine from the Scan History panel (as described below) or from the All Threats Seen report (see Generating the All Threats Seen report). The file is automatically returned to its original location on the endpoint.
To restore a file:
1. View the scan history for a particular endpoint, as described previously in this section.
2. In the Scan History panel, locate the file either by clicking View in the Status column for the date when the threat was detected or by clicking View all threats seen on this endpoint.
3. In the dialog that opens, select the file by clicking its checkbox.
4. Click Restore from Quarantine.
The file returns to its original location on the endpoint.