
How to export security logs from Endpoint Manager

Release Time: 12/27/2018
Category: Security Sub-System

All security-related events, such as antivirus, containment, application control, autorun control, and virtual desktop events, can be exported in comma-separated values (CSV) format.

The Antivirus section captures the following events:

  • Files blocked, moved to quarantine, or ignored
  • Files restored from or removed from quarantine
  • Files rated as trusted, or submitted as false positives, from the scan results screen
  • Files added to the exclusions list

The Containment section captures files that were blocked, ignored, or run in the container, either because of:

  • Auto-containment rules in the profile applied to the device
  • A one-off decision to run the file in the container

The Application Control section captures the following events:

  • Unrecognized and malicious files added to or removed from the CCS
  • Changes in the trust rating of those files

The Autorun Control section captures the action taken by CCS on applications that try to modify Windows services, startup entries, or scheduled tasks:

  • Ignore
  • Terminate
  • Terminated and disabled
  • Quarantined and disabled
  • Restored
  • Deleted

The Virtual Desktop section captures the following actions on endpoints:

  • Launched
  • Terminated
  • Session started
  • Session paused
  • Session continued
  • Session terminated
  • Switched to host
  • Switched to virtual desktop

To export the events:

  • Log into ITarian
  • Click 'Applications' > 'Endpoint Manager'
  • Open the view you want to export:
    • Click 'Security Sub-System' > 'Security Dashboards', then either:
      • Select the 'Event View' tab to view all records chronologically, OR
      • Select the 'File View' tab to view all events for a particular file grouped together
    • OR click 'Security Sub-System' > 'Containment' to create a report of all applications run inside the container, or of the activities of processes started by contained applications
    • OR click 'Security Sub-Systems' > 'Valkyrie' to create a report of files on endpoints identified by the cloud-based file analysis service
    • OR click 'Security Sub-Systems' > 'Antivirus' to create a report of:
      • Device list - all devices with their malware status
      • Current malware list - malicious devices on which no action has yet been taken
      • Quarantined Files - moved to quarantine by CCS installations on all managed
      • Threat history - malicious files found, removed, or still present on managed devices over time
      • 'Autoruns Items' - report of autorun files which are available on devices
    • OR click 'Security Sub-Systems' > 'Device Control' to view a history of connection attempts
  • Next, click 'Export' > 'Export to CSV' to generate your report
  • A notification appears at the top-right:
  • All reports are placed under 'Dashboards' > 'Reports'
  • Each entry shows the report name, file type, status (downloaded or not downloaded), the admin's email, and the date and time it was created
  • Click the 'Download link' to open or save it. The report will look as follows:
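Once the CSV is downloaded, the event sections and actions listed above can be tallied and triaged automatically. The following script is an added example, not part of the original article or of Endpoint Manager itself; the column names (section, action, file, device, timestamp) and the sample rows are constructed assumptions, since the article does not document the export's schema, so adjust them to match a real export.

```python
import csv
import io
from collections import Counter

# Constructed sample of an exported security-log CSV. The column names are
# an assumption: the article does not document the export's schema.
SAMPLE_CSV = """section,action,file,device,timestamp
Antivirus,Quarantined,C:\\Users\\a\\dl\\invoice.exe,WS-01,2018-12-20 09:10:00
Antivirus,Ignored,C:\\Tools\\keygen.exe,WS-02,2018-12-20 09:12:00
Antivirus,Restored,C:\\Users\\a\\dl\\invoice.exe,WS-01,2018-12-20 10:00:00
Containment,Run in container,C:\\Temp\\setup.exe,WS-03,2018-12-21 11:00:00
Containment,Ignored,C:\\Temp\\macro.exe,WS-03,2018-12-21 11:05:00
Autorun Control,Terminated and disabled,C:\\svc\\upd.exe,WS-02,2018-12-21 12:00:00
Autorun Control,Ignore,C:\\svc\\persist.exe,WS-04,2018-12-21 12:30:00
Virtual Desktop,Session started,,WS-05,2018-12-22 08:00:00
"""

# Actions, per section, that let a flagged item keep running or return to
# the host. These are the rows an admin should review after each export.
REVIEW_ACTIONS = {
    "Antivirus": {"Ignored", "Restored"},
    "Containment": {"Ignored"},
    "Autorun Control": {"Ignore", "Restored"},
}


def parse_export(text):
    """Parse the exported CSV text into a list of dict rows, one per event."""
    return list(csv.DictReader(io.StringIO(text)))


def count_by_section_action(rows):
    """Tally events as (section, action) pairs, e.g. for a weekly summary."""
    return Counter((r["section"], r["action"]) for r in rows)


def events_needing_review(rows):
    """Return the rows where a detected item was allowed to proceed."""
    return [r for r in rows
            if r["action"] in REVIEW_ACTIONS.get(r["section"], set())]


if __name__ == "__main__":
    rows = parse_export(SAMPLE_CSV)
    for (section, action), n in sorted(count_by_section_action(rows).items()):
        print(f"{section:16} {action:24} {n}")
    for r in events_needing_review(rows):
        print("REVIEW:", r["device"], r["section"], r["action"], r["file"])
```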