ePolicy Orchestrator 4.5 or 4.6

Use this example analysis as a framework for analyzing most VirusScan Enterprise protection scenarios with ePolicy Orchestrator 4.5 or 4.6.

Before you begin

You must have direct or remote access to a VirusScan Enterprise protected system to perform this example analysis.

Task

For option definitions, click ? in the interface.

  1. Determine where and when the attacks occurred:
    1. Click Menu | Reporting | Queries to open the Queries pane.
    2. Type Malware in the Quick find search and click Apply. The Malware Detection History query appears in the Queries list.
    3. Select the query and click Actions | Run. The query returns the number of recent attacks.
  2. To determine which malware was used in the attack, click Menu | Reporting | Threat Event Log to display the Threat Event Log.
  3. Double-click the log event to display the details page in the pane. From the log event you can determine:
    • Threat Source IP Address and target help you determine what actions to take.
    • Threat Name and Threat Type describe what malware was used in the attack.
    • Threat Event Descriptions describe how the attack affected the system and what actions were taken on the threat.
