Filter 'Configuration Change' Logs
You can filter logged events by the following criteria:
- Action: Filter by the activity performed on the item in the 'Object' column. For example, 'Added', 'Changed'.
- Status: Not used
- Modifier: Filter by who or what made the change.
- Name: Filter by the scan profile affected by the change, if any.
- Object: Filter logs based on the setting affected by the change.
Configure Event Filters
- Open Xcitium Client Security
- Click 'More' > 'View Antivirus Events'
- Click the 'More' button to open the log viewer module
- Right-click inside the log viewer module and select 'Advanced Filter'
- Click 'View' on the menu bar and select 'Advanced Filter'
There are 4 types of filter. Each of these can be further refined by specific parameters.
- Select a filter criteria and click 'Add'
1. Action: Filter events by the activity which was recorded. For example, 'Object added', 'Object removed', or 'Option changed'.
- Select 'Equal' or 'Not Equal' option from the drop-down.
- Equal – Show only events which feature the action you select. You can select multiple actions.
- Not Equal - Inverts your choice. For example, 'Not Equal' + 'Object Added' shows every event except those where objects were added.
- Object Added - Events where an item was created
- Object Changed - Events where an item was modified. For example, an update to a scan profile.
- Object Removed - Events where an item was deleted
- Option Changed - Events where a setting was modified. For example, 'Show scan progress' was changed from enabled to disabled.
- String Added – Not used.
- String Removed – Not used.
2. Modifier: Filter events by the agent that made the change. 'User' is the only possible option.
- Select 'Equal' or 'Not Equal' option from the drop-down.
- Equal – Show only events which feature the modifier you select. You can select multiple modifiers.
- Not Equal - Inverts your choice. For example, 'Not Equal' + 'User' shows every modification except those by a user.
- Select the configuration changes you want to view:
- User – Show changes which were made by a user
- Antivirus Alert - Not used
- Auto Learn - Not used
- Firewall Alert - Not used
- Defense+ Alert - Not used
- BO Alert - Not used
- Execution Alert - Not used
3. Name: Filter events by the profile label involved in the configuration change. For example, a folder was added to a particular scan profile. You need to enter the profile name in the field provided:
- Select 'Contains' or 'Does Not Contain' from the drop-down:
- Contains – Show only events which concern the items you specify.
- Does Not Contain – Show all events except those that concern the items you specify.
4. Object: Filter events by the item that was changed. Examples include AV profile, AV schedule, AV alert timeout, and more.
- Select 'Equal' or 'Not Equal' option from the drop-down.
- The following list shows all available object types:
- Antivirus Mode
- Antivirus Timeout
- Antivirus Realtime AutoUpdate
- Antivirus Realtime Auto Quarantine
- Antivirus Realtime Heuristics Level
- Antivirus Realtime Size Limit
- Antivirus Realtime Time Limit
- Antivirus Manual Scan Archives
- Antivirus Manual Auto Update
- Antivirus Manual Heuristics Level
- Antivirus Manual Size Limit
- Antivirus Manual Scan Cloud
- Antivirus Scheduled Scan Archives
- Antivirus Scheduled AutoUpdate
- Antivirus Scheduled Auto Quarantine
- Antivirus Scheduled Heuristics Level
- Antivirus Scheduled Size Limit
- Antivirus Scheduled Scan Cloud
- Antivirus Profile
- Antivirus Schedule
- Antivirus Exclusion
- Antivirus Disable Logging
- Active Configuration Index
- Password Protection
- Use Proxy
- Proxy Authentication
- Proxy Server
- Proxy Port
- Proxy Login
- Proxy Password
- GUI Language
- Password
- Updates Host
- Log File Size Limit
- Log overflow handling
- Log Backup Folder
- Equal – Show only events which feature the object you select. You can select multiple objects.
- Not Equal - Inverts your choice. For example, select 'Not Equal' + 'Antivirus: Alert Timeout' to view every configuration change except changes to alert timeouts.
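The filter semantics described above, modelled as an added Python example over constructed log records (not Xcitium code or an Xcitium export format). The record field names, the profile names and the rule that several criteria combine with AND are assumptions.

```python
from dataclasses import dataclass

# Constructed sample records; field names mirror the four filter criteria (assumed layout).
SAMPLE_LOG = [
    {"action": "Object Added", "modifier": "User", "name": "Nightly Scan", "object": "Antivirus Exclusion"},
    {"action": "Option Changed", "modifier": "User", "name": "", "object": "Antivirus Disable Logging"},
    {"action": "Object Changed", "modifier": "User", "name": "Nightly Scan", "object": "Antivirus Profile"},
    {"action": "Option Changed", "modifier": "User", "name": "", "object": "GUI Language"},
    {"action": "Object Removed", "modifier": "User", "name": "Quick Scan", "object": "Antivirus Schedule"},
]

NEGATED = {"Not Equal", "Does Not Contain"}  # operators that invert the choice


@dataclass(frozen=True)
class Criterion:
    field: str      # "action", "modifier", "name" or "object"
    operator: str   # "Equal", "Not Equal", "Contains" or "Does Not Contain"
    values: tuple   # selected items, or the text entered for the Name filter

    def matches(self, event):
        actual = event[self.field]
        if self.operator in ("Equal", "Not Equal"):
            hit = actual in self.values  # multiple selections behave as a set
        elif self.operator in ("Contains", "Does Not Contain"):
            hit = any(v in actual for v in self.values)
        else:
            raise ValueError(f"unknown operator: {self.operator}")
        return hit != (self.operator in NEGATED)


def apply_filters(events, criteria):
    """Keep events that satisfy every criterion (AND combination is an assumption)."""
    return [e for e in events if all(c.matches(e) for c in criteria)]


def protection_weakening_changes(events):
    """Changes worth reviewing first: exclusions, logging and password protection."""
    return apply_filters(events, [
        Criterion("object", "Equal",
                  ("Antivirus Exclusion", "Antivirus Disable Logging", "Password Protection")),
        Criterion("action", "Not Equal", ("Object Removed",)),
    ])


if __name__ == "__main__":
    for event in protection_weakening_changes(SAMPLE_LOG):
        print(event["action"], "|", event["object"], "|", event["name"] or "-")
```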