ePolicy Orchestrator 4.0

Use this example analysis as a framework for analyzing most VirusScan Enterprise protection scenarios with ePolicy Orchestrator 4.0.

Before you begin

You must have direct or remote access to a VirusScan Enterprise protected system to perform this example analysis.

Task

For option definitions, click ? in the interface.

  1. Determine where and when the attacks occurred:
    1. Click Reporting | Queries to open the Queries list.
    2. From the Public Queries list, select ePO: Malware Detection History and click More Actions | Run. The Malware Detection History query appears in the Queries list.
  2. To view the event that triggered the malware detection, click Reporting | Event Log. The query returns the number of recent attacks.
  3. Double-click the log event to display the details page in the pane. From the log event you can determine:
    • Threat Source IP Address and target are shown to help you determine what actions to take.
    • Threat Name and Threat Type describe what malware was used in the attack.
    • Threat Event Descriptions describe how the attack affected the system and what actions were taken on the threat.
