How to check file details and history in the security dashboard

Release Time
12/27/2018
Category
Security Sub-System

  • Open Endpoint Manager > Click 'Security Sub-Systems' > 'Security Dashboards'
     
  • The security dashboard is a list of all security-related events on managed Windows endpoints. The events in this interface are generated by the antivirus, containment and application-control modules. 
     
  • Example events you will see in the security dashboard are:
     
    • When malware is blocked, quarantined or ignored
    • When someone changes the trust rating of a file, or submits a false positive
    • When a file is run in the container
    • When files are added to, or removed from, the client security file list
       
  • The interface also lets you change the trust rating of a file, move files in or out of quarantine, and view file details and activity.
     
  • The dashboard has two tabs:
     
    • Event View - Shows all events in chronological order 
       
    • File View - All events concerning a particular file are grouped together in a single row
       
  • Click on a filename in either of the two views above to access the following:
     
    • File Details - Basic information about the file, including date first seen and number of endpoints on which it was found.
       
    • File History - A timeline of events caused by the file. This includes the device on which the event took place and the action that was taken on the file.
       

View file details and history

  • Log in to ITarian
     
  • Click 'Applications' > 'Endpoint Manager'
     
  • Click 'Security Sub-Systems' > 'Security Dashboards'
     
  • Select the 'Event View' tab or the 'File View' tab
     
  • Select an event then click the 'File Details' button.
     
  • You will be taken to the file details page, which shows the following:
     
    • Last detected file name: Name of the file when it was most recently scanned
       
    • SHA1: SHA1 hash value of the file
       
    • First Seen by Comodo: Date the file was first reported to Comodo threat labs
       
    • First Seen on my Network: Date the file was first detected on one of your devices
       
    • Number of endpoints: Number of endpoints on which the file was found
       
    • Comodo Rating: The trust verdict on the file from Comodo threat labs
       
    • Last Update of Comodo Rating: Time the Comodo rating most recently changed
       
    • Admin rating: Rating assigned by an Endpoint Manager admin. Click 'Change Rating' to update this.
       
    • Version: Current version of the file

 

  • Action on Endpoint – Applies to quarantined files only. Lets you delete the file or restore it from quarantine on the endpoint.
     
  • Change Rating – Alter the trust rating of the file to trusted, malicious or unrecognized. The new rating will be propagated to all endpoints during the next synchronization.