You can view, analyze, and handle attack events that are reported.
Operations:
1. View virus details.
You can view virus details, including the detection results reported by anti-virus engines, static information about virus files, and information about virus processes;
2. Download virus files.
You can download a virus for further analysis. The virus file has been uploaded to the server, so it can be downloaded regardless of whether the virus exists on the host. A downloaded virus file is a real virus file. Therefore, download virus files in a secure environment;
3. Handle viruses.
You can process viruses in various ways, and batch processing operations are supported.
(1) You can block virus processes, and isolate and delete virus files. After the virus file is isolated or deleted, the system marks the event as fixed and removes the event from the alarm list. You can view fixed event in the alarm history list;
(2) If you confirm that an event is not an attack, you can add it to the trust zone. The system does not generate alarms when the same type of events occur. You can view the event record in the trusted zone;
(3) After an event is fixed, it is marked as repaired and removed from the alarm list. You can view fixed events in the fixed alarm list. The username of the account that is used to fix the event is displayed as the operator.
4. Scan viruses again.
Click Redetect to scan viruses running on hosts again and verify the fixed virus events.You can select all hosts, select a service group, or specify hosts as the scan scope.
5. Export virus information.
You can export virus information. ClickExport All, select the records you want to export, and then click Export to export virus records;
(1) Repair History
You can view all virus events that have been recorded as remediated. On this page, you can export and view the details.
(2) Trusted Zone
You can view all virus events that have been trusted. The trusted events can be deleted.