Logs - Security events
The Security events panel includes virus results, PolicyManager requests, PatchManager reports, and firewall reports, as well as system messages about installations, reboots, etc. The event type is displayed in the Status column (e.g. Virus found or Quarantine: file moved to quarantine).
If you have configured scan jobs to only log viruses, you can execute virus countermeasures manually by selecting one or more entries from the list and choosing a command from the context menu (right mouse button), the Security events menu or the toolbar. Countermeasures available include removing and quarantining infected files.
You can customize the table to display more or fewer columns. For instructions on how to do this, see G DATA Administrator controls.
The Security events menu and the right-click context menu offer the following functions:
- View: Indicate whether you would like to see all reports, or only a subset of report types:
- Hide dependent reports: If identical reports are available (based on the Client, Reported by and File / Mail / Content fields), you can hide the duplicate entries using this option. Only the most current entry is shown.
- Hide read reports: Hide reports that have already been read.
- Remove virus from file (only for virus reports): Attempt to remove the virus from the original file.
- Move file to quarantine (only for virus reports): Move the selected files into the quarantine folder. The files will be encrypted and saved in the quarantine folder on the G DATA ManagementServer, and the original files will be deleted. The encryption ensures that the virus cannot cause any damage. For each quarantined file, there is a corresponding report. If you delete the report, the quarantined file is also deleted. You can send a file from the quarantine folder to the G DATA Security Labs for examination. Open the context menu of a quarantine report with a right-click. In the report dialog, click the OK button after entering the submission reason.
- Delete file (only for virus reports): Deletes the original file on the client.
- Define monitor exception (only for monitor reports; only in the context menu): Create a monitor whitelist entry based on the report (see Client settings > Monitor > Settings).
- Define ExploitProtection exception (only for ExploitProtection reports; only in the context menu): Create an ExploitProtection whitelist entry based on the report (see Client settings > Monitor > ExploitProtection).
- Revoke keyboard authorization: Revokes the authorization for a keyboard that was detected by USB Keyboard Guard and authorized by the end user.
- Quarantine: clean and move back (only for quarantine reports): An attempt is made to remove the virus from the file. If this succeeds, the cleaned file is moved back to its original location on the client. If the virus cannot be removed, the file will not be moved back.
- Quarantine: move back (only for quarantine reports): Moves the file from the quarantine folder back to the client. Warning: The file will be restored to its original state and will still be infected.
- Quarantine: send to G DATA Security Labs (only for quarantine reports): If you discover a new virus or an unknown phenomenon, always send us the file via the Quarantine function. We will, of course, treat the data you have sent us with the utmost confidentiality and discretion.
- Quarantine: delete file and report (only for quarantine reports): Delete the selected report and remove the file from the quarantine.
- Add URL to whitelist (only for Web content control reports): Add the requested URL to the global whitelist.
- Add URL to blacklist (only for Web content control reports): Add the requested URL to the global blacklist.
- Delete report: Deletes the selected reports. If reports to which a quarantine file belongs are to be deleted, you must confirm the deletion once more. In this case, the quarantined files are also deleted.
- Export reports (only in the context menu): Export the selected report(s) or the entire list as an XML file.
- Mark as read (only in the context menu): Mark the selected reports as read.
- Mark as unread (only in the context menu): Mark the selected reports as unread.
- Details/Actions (only in the context menu): Some events allow you to plan a job directly. For example, if a client has requested a patch rollback, you can right-click the rollback request and select Details/Actions. In the Distribute software (rollback) window you can then plan a rollback job directly, without having to open the PatchManager module to select the patch and client.
Release blocked applications
Users can request the release of blocked applications. These requests appear in the security events.
To release an application, click the Application(s) blocked entry.
Select the type of release and confirm it with Perform action.
You can also enter your own message text or use the standard text.
If you want to release the application for several users, but not all of them should see the message, enter the user who should receive the message under User Name (optional).
Confirm your entries with OK.
Comments can be written for the security events.
The comment column can be displayed via Select columns.
A comment can be written by double-clicking in the comment column. Alternatively, right-click on the line to open the menu and select Edit comment.
A free text field opens. When a comment is opened later, the history for the entry is displayed.