ePolicy Orchestrator 4.5 or 4.6
This example analysis is used as a framework for analyzing most VirusScan Enterprise protection scenarios with ePolicy Orchestrator 4.5 or 4.6.
Before you begin
You must have direct or remote access to a VirusScan Enterprise protected system to perform this example analysis.
For option definitions, click ? in the interface.
- Determine where and when the attacks occurred:
- Click Menu | Reporting | Queries to open the Queries pane.
- Type Malware in the Quick find search and click Apply. The Malware Detection History query appears in the Queries list.
- Select the query and click Actions | Run. The query returns the number of recent attacks.
- To determine which malware was used in the attack, click Menu | Reporting | Threat Event Log to display the Threat Event Log.
- Double-click the log event to display the details page in the pane. From the log event you can determine:
- Threat Source IP Address and target are shown to help you determine what actions to take.
- Threat Name and Threat Type describe what malware was used in the attack.
- Threat Event Descriptions describe how the attack affected the system and what actions were taken on the threat.