Comodo Help
Find the desired product help
Comodo Internet Security

Comodo Internet Security

Version 12.2

English

Print Help Download Help
Advanced Tasks – Introduction > View CIS Logs > Search And Filter Logs
  • Introduction To Comodo Internet Security
    • Special Features
    • Download, Installation And Activation
    • Start Comodo Internet Security
    • The Main Interface
      • The Home Screen
      • The Tasks Interface
      • The Widget
      • The System Tray Icon
    • Understand Security Alerts
  • General Tasks – Introduction
    • Scan And Clean Your Computer
      • Run A Quick Scan
      • Run A Full Computer Scan
      • Run A Rating Scan
      • Run A Custom Scan
        • Scan A Folder
        • Scan A File
        • Create, Schedule And Run A Custom Scan
    • Secure Shopping Settings
    • Manage Virus Database And Program Updates
    • Get Live Support
    • Manage Blocked Items
    • Instantly Scan Files And Folders
    • Process Infected Files
  • Firewall Tasks - Introduction
    • Configure Internet Access Rights For Applications
    • Manage Network Connections
    • Stop All Network Activities
    • Stealth Your Computer Ports
    • View Active Internet Connections
  • Containment Tasks - Introduction
    • Run An Application In The Container
    • Reset The Container
    • Identify And Kill Unsafe Running Processes
    • View Active Process List
    • The Virtual Desktop
      • Start The Virtual Desktop
      • The Main Interface
      • Run Browsers Inside The Virtual Desktop
      • Open Files And Run Applications Inside The Virtual Desktop
      • Configure The Virtual Desktop
      • Close The Virtual Desktop
  • Advanced Tasks – Introduction
    • Create A Rescue Disk
      • Download And Burn Comodo Rescue Disk
    • Remove Deeply Hidden Malware
    • Manage CIS Tasks
    • Manage Quarantined Items
    • View CIS Logs
      • Antivirus Logs
      • VirusScope Logs
      • Firewall Logs
      • HIPS Logs
      • Containment Logs
      • Website Filtering Logs
      • Device Control Logs
      • Autorun Event Logs
      • Alerts Logs
      • CIS Tasks Logs
      • File List Changes Logs
      • Vendor List Changes Logs
      • Trusted Certificate Authority Change Logs
      • Configuration Change Logs
      • Secure Shopping Activity Logs
      • Search And Filter Logs
    • Submit Files For Analysis To Comodo
  • CIS Settings
    • General Settings
      • Customize User Interface
      • Configure Program And Virus Database Updates
      • Log Settings
      • Manage CIS Configurations
        • Comodo Preset Configurations
        • Personal Configurations
    • Antivirus Configurations
      • Real-time Scan Settings
      • Scan Profiles
    • Firewall Configuration
      • General Firewall Settings
      • Application Rules
      • Global Rules
      • Firewall Rule Sets
      • Network Zones
        • Network Zones
        • Blocked Zones
      • Port Sets
    • HIPS Configuration
      • HIPS Settings
      • Active HIPS Rules
      • HIPS Rule Sets
      • Protected Objects
        • Protected Files
        • Blocked Files
        • Protected Registry Keys
        • Protected COM Interfaces
        • Protected Data Files And Folders
      • HIPS Groups
        • Registry Groups
        • COM Groups
    • Containment Configuration
      • Containment Settings
      • Auto-Containment Rules
      • Containment - An Overview
      • Unknown Files - The Scanning Processes
    • File Rating Configuration
      • File Rating Settings
      • File Groups
      • Submitted Files
    • Advanced Protection Configuration
      • VirusScope Settings
      • Scan Exclusions
      • Device Control Settings
      • Script Analysis Settings
      • Miscellaneous Settings
      • Comodo Secure Shopping
    • Website Filtering Configuration
      • Website Filtering Rules
      • Website Categories
  • Comodo GeekBuddy
    • Download And Install GeekBuddy
    • Overview Of Services
    • Activation Of Service
    • Launch The Client And Use The Service
    • Accept Remote Desktop Requests
    • Uninstall Comodo GeekBuddy
  • TrustConnect Overview
  • Dragon Browser
  • Comodo Backup
  • Comodo Internet Security Essentials
    • What Is Comodo Internet Security Essentials
    • What Is A Man-in-the-middle Attack
    • How Does Comodo Internet Security Essentials Protect Me From A Man-in-the-middle Attack
    • What Is The Install Location Of Comodo Internet Security Essentials
    • How Do I Update CISE
    • Understand Alerts And Configure Exceptions
    • How Do I View CISE Help
    • How Do I View The Version Number And Release Notes
    • How Do I Remove Comodo Internet Security Essentials
  • Appendix 1 CIS How To... Tutorials
    • Enable / Disable AV, Firewall, Auto-Containment, VirusScope And Website Filter Easily
    • Set Up The Firewall For Maximum Security And Usability
    • Block Internet Access While Allowing Local Area Network (LAN) Access
    • Block/Allow Specific Websites To Specific Users
    • Set Up HIPS For Maximum Security And Usability
    • Create Rules To Auto-Contain Applications
    • Password Protect Your CIS Settings
    • Reset Forgotten Password (Advanced)
    • Run An Instant Antivirus Scan On Selected Items
    • Create An Antivirus Scan Schedule
    • Run Untrusted Programs In The Container
    • Run Browsers In The Container
    • Run Untrusted Programs In The Virtual Desktop
    • Run Browsers In The Virtual Desktop
    • Restore Incorrectly Blocked Items
    • Restore Incorrectly Quarantined Items
    • Submit Quarantined Items To Comodo For Analysis
    • Enable File Sharing Applications Like BitTorrent And Emule
    • Block Any Downloads Of A Specific File Type
    • Switch Between Complete CIS Suite And Individual Components (just AV Or FW)
    • Switch Off Automatic Antivirus And Software Updates
    • Suppress CIS Alerts Temporarily While Playing Games
    • Renew Or Upgrade Your License
    • Use CIS Protocol Handlers
    • Configure Secure Shopping
    • Comodo Cloud Backup
    • Give Contained Applications Write Access To Local Folders
    • Use The Comodo Uninstaller Tool
  • Appendix 2 - Comodo Secure DNS Service
    • Router - Enable Comodo Secure DNS Service
    • Windows - Enable Comodo Secure DNS
  • Appendix 3 - Glossary Of Terms
  • Appendix 4 - CIS Versions
  • About Comodo Security Solutions

Search and Filter Logs


You can run a simple filter of events by date, and use advanced filters to conduct more complex searches.

  • Filter by date/time
  • Advanced Filters

Filter by date/time 

  • Click 'Tasks' > 'Advanced Tasks' > 'View Logs'
OR
  • Click ‘Logs’ in advanced view of the CIS home screen 
  • Select an event category from the drop-down at top-left
  • Click 'Filter by Date and Time' to choose a specific period:




    • No filtering - Show every event logged since CIS was installed. If you have cleared the logs since installation, this option shows all logs created since that clearance.
    • Within last - Show all logs from a certain point in the past until the present time.
    • Except last - Exclude all logs from a certain point in the past until the present time.
    • Today - Show all events logged today, from 12:00 am to the current time.
    • Current Week - Show all events logged from the previous Sunday to today.
    • Current Month - Display all events logged from 1st of the current month to today.
    • Within the period of - Show logs between a custom date range.
    You can also right-click inside the log viewer module and choose the time period.



    Advanced Filters


    Advanced filters let you run complex queries based on a variety of criteria. Search parameters vary from module to module.

    • Click 'Logs' in the CIS menu bar
    • Select a module in the drop-down on the left
    • Click ‘Advanced Filter’:


     

    • Select a filter category at top-left then click ‘Add’
    • Search parameters vary according to the filter category. You can include multiple filter categories to refine your search

    Click the following links to view the options available with each module:

    • Antivirus Events
    • VirusScope Events
    • Firewall Events
    • HIPS Events
    • Containment Events
    • Website Filtering Events
    • Device Control Events
    • Autorun Events
    • Alerts
    • CIS Tasks
    • File List Changes
    • Vendor List Changes
    • Trusted Certificate Authority Change Logs
    • Configuration Changes
    • Secure Shopping Activity Logs 


    Antivirus Events


    Filter Category

    Description

    Parameters

    Action


    Filter logs based on the action taken by CIS against the detected threat.

     

    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' will invert your choice.

    Select the filter parameter:

    • Quarantine: Shows events at which the user chose to quarantine a file
    • Remove: Shows events at which the user chose to delete the detected threat
    • Ignore: Shows events at which the user chose to ignore the detected threat
    • Detect: Shows events involving only the detection of malware
    • Ask: Displays events where an alert was shown to the user so they could choose an action against a piece of detected malware
    • Restore: Shows events at which quarantined applications were restored to original location by admin from Endpoint Manager
    • Block: Shows events where suspicious applications were stopped
    • Reverse: Shows events where VirusScope overrode potentially malicious actions
    • False positive: Shows events where files flagged as threats by CIS were submitted to Comodo by the user as a false positive.
    • Add To exclusions: Shows events in which the user chose to add an item to antivirus exclusions
    • Add To trusted files: Shows events in which the user changed the file rating to 'Trusted'
    • Restore from Quarantine: Shows events in which files were returned to original location from quarantine
    • Delete from Quarantine: Shows events in which files were removed permanently from quarantine

    Location

     Filter the log entries related to events logged from a specific location.

     

    • Enter the text or word that needs to be filtered

    For example, if you select 'Contains' option from the drop-down and enter the phrase 'C:/Program Files/' in the text field, then all events containing the entry 'C:/Program Files/' in the 'Location' field are displayed.

    Malware Name

    Filter the log entries related to specific malware.


    • Enter the text in the name of the malware that needs to be filtered.

    For example, if you choose 'Contains' from the drop-down and type 'siins' in the text field, then all events with 'siins' in the 'Malware Name' field are shown.

    Status

    Filter the log entries based on the success or failure of the action taken against the threat by CIS.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' will invert your choice

    Select the filter parameter:

    • Success: Shows events in which the actions against the detected threat were successfully executed (for example, the malware was successfully quarantined)
    • Failure: Shows events at which the actions against the detected threat failed to execute (for example, the malware was not disinfected)


    VirusScope Events

    Filter Category

    Description

    Parameters

    Action


    Filter logs based on the action taken by CIS against the detected threat.


     

    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' will invert your choice

    Select the filter parameter:

    • Quarantine: Shows events at which the user chose to quarantine a file
    • Remove: Shows events at which the user chose to delete the detected threat
    • Ignore: Shows events at which the user chose to ignore the detected threat
    • Detect: Shows events involving only the detection of malware
    • Ask: Displays events where an alert was shown to the user so they could choose an action against a piece of detected malware
    • Restore: Shows events at which quarantined applications were restored to original location by admin from Endpoint Manager
    • Block: Shows events where suspicious applications were stopped
    • Reverse: Shows events where VirusScope overrode potentially malicious actions
    • False positive: Shows events where files flagged as threats by CIS were submitted to Comodo by the user as a false positive.
    • Add To exclusions: Shows events in which the user chose to add an item to antivirus exclusions
    • Add To trusted files: Shows events in which the user changed the file rating to 'Trusted'
    • Restore from Quarantine: Shows events in which files were returned to original location from quarantine
    • Delete from Quarantine: Shows events in which files were removed permanently from quarantine

    Location

    Filter the log entries related to events logged from a specific location.

    Select 'Contains' or 'Does Not Contain' option from the drop-down field

    • Enter the text or word that needs to be filtered

    For example, if you select 'Contains' option from the drop-down and enter the phrase 'C:/Program Files/' in the text field, then all events containing the entry 'C:/Program Files/' in the 'Location' field are displayed.

    Malware Name

    Filter the log entries related to specific malware.

    • Enter the text in the name of the malware that needs to be filtered.

    For example, if you choose 'Contains' from the drop-down and type 'siins' in the text field, then all events with 'siins' in the 'Malware Name' field are shown.

    Status

    Filter the log entries based on the success or failure of the action taken against the threat by CIS.


     

    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' will invert your choice

    Select the filter parameter:

    • Success: Shows events in which the actions against the detected threat were successfully executed (for example, the malware was successfully quarantined)
    • Failure: Shows events at which the actions against the detected threat failed to execute (for example, the malware was not disinfected)

    Firewall Events

    Filter Category

    Description

    Parameters

    Action

    Filter logs based on events according to the response (or action taken) by the firewall


     

    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' will invert your choice

    Select the filter parameter:

    • Blocked: Shows events where CIS prevented the connection
    • Allowed: Shows events where the connection was allowed to proceed
    • Asked: Shows events where an alert was shown to the users so they could choose whether or not to allow the connection

    Application

     

     

    Filter logs based on events propagated by a specific application


    • Enter the text or word that needs to be filtered.

    For example, if you choose 'Contains' from and enter the phrase 'cuckoo' in the text field, then all FW events containing the entry 'cuckoo' in the 'Application' column are displayed

    Destination IP

    Filter logs based on events with a specific target IP address

    1. Select 'Equal' or 'Not Equal' option from the drop-down box. 'Not Equal' will invert your selected choice.

    2. Select 'IPv4' or 'IPv6' from the drop-down box.


    • Enter the IP address of the destination server or host, to filter the events that involve the connection attempts from/to that destination server or host.

    For example, if you choose 'Contains' option from the drop-down, select IPv4 and enter 192.168.111.11 in the text field, then all events containing the entry '192.168.111.11' in the 'Destination IP' column will be displayed.

    Destination Port

    Filter logs based on events that involved a specific target port number.


    Select any one of the option the drop-down:

    • Equal
    • Greater than
    • Greater than or Equal
    • Less than
    • Less than or Equal
    • Not Equal
    • Enter the destination port number in the text entry field

    For example, if you choose 'Equal' option from the drop-down and enter 8080 in the text field, then all events containing the entry '8080' in the 'Destination Port' column will be displayed.

    Direction

    Filter logs based on events of inbound or outbound nature


     

     

    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' will invert your choice

    Select the filter parameter:

    • In: Shows a list of events involving inbound connection attempts
    • Out: Shows a list of events involving outbound connection attempts

    For example, if you choose 'Equal' option from the drop-down and select the 'In' checkbox, then all inbound connection attempts will be displayed.

    Protocol

    Filter logs based on events that involved a specific protocol.


     

    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' will invert your choice

    Select the filter parameter:

    • TCP
    • UDP
    • ICMP
    • IPV4
    • IGMP
    • GGP
    • PUP
    • IDP
    • IPV6
    • ICMPV6
    • ND

    For example, if you choose 'Equal' option from the drop-down and select the 'TCP' checkbox, then all connection attempts involving TCP protocol will be displayed.

    Source IP

    Filter logs based on events that originated from a specific IP address

    1. Select 'Equal' or 'Not Equal' option from the drop-down box. 'Not Equal' inverts your selected choice.

    2. Select 'IPv4' or 'IPv6' from the drop-down box.

    • Enter the IP address of the source server or host, to filter the events that involve the connection attempts from/to that source server or host system.

    For example, if you choose 'Contains' then select IPv4 and enter 192.168.111.22 in the text field, then all events containing the entry '192.168.111.11' in the 'Source IP' column will be displayed.

    Source Port

    Filter logs based on events that involved a specific source port number

    Select any one of the option the drop-down:

    • Equal
    • Greater than
    • Greater than or Equal
    • Less than
    • Less than or Equal
    • Not Equal
    • Enter the destination port number in the text entry field

    For example, if you choose 'Equal' and enter 8080 in the text field, then all events containing the entry '8080' in the 'Source Port' column will be displayed.


    HIPS Events


    Filter Category

    Description

    Parameters

    Application

    Filter logs based on events propagated by a specific application.


    • Enter the search criteria for filtering the logs in the text field.

    For example, if you choose 'Contains' from the drop-down and enter the phrase 'cuckoo' in the text field, then all events containing the entry 'cuckoo' in the 'Application' column are displayed.

    Action

    Filter logs based on events according to the response (or action taken) by HIPS


     

    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    Select the filter parameter:

    • Scanned online and found malicious
    • Access memory
    • Create process
    • Terminate process
    • Modify key
    • Modify file
    • Direct memory access
    • Direct disk access
    • Direct keyboard access
    • Direct monitor access
    • Load driver
    • Send message
    • Install Hook
    • Access COM interface
    • Execute image
    • DNS/RPC client access
    • Change HIPS Mode
    • Shellcode injection
    • Block file
    • Suspicious
    • Hook
    • Alert Suppressed
    • Scanned and found safe

    For example, if you choose 'Equal' and select 'Create process', only events involving the creation of a process by applications are displayed.

    Target

     

    Filter logs based on events that involved a specified target application.


    • Enter the search criteria for filtering the logs in the text field.

    For example, if you choose 'Contains' and enter the phrase 'svchost.exe' in the text field, then all events containing the entry 'svchost.exe' in the 'Target' column will be displayed.


    Containment Events

    Filter Category

    Description

    Parameters

    Application

     Show events propagated by a specific application.


    • Enter the search criteria for filtering the logs in the text field.

    For example, if you choose 'Contains' and enter the phrase 'pcflank' in the text field, then all events containing the entry 'pcflank' in the 'Application' column are displayed.

    Rating

     

    Show events which concern files that have a specific trust-rating.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.


     


    Select the filter parameter:

    • None
    • Unrecognized
    • Trusted
    • Malicious

    For example, if you choose 'Equal' and select the 'Unrecognized' file rating, only the containment events involving applications that are categorized as 'Unrecognized' are displayed.

    Action

    Show events where a specific action was applied to the file by CIS.


     

     

    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.


    Select the restriction level(s) applied by the container to the applications, either automatically of or chosen by the user from the alert.

    • Run Restricted
    • Run Virtually
    • Blocked
    • Ignored

    For example, if you choose 'Equal' from the drop-down and select 'Run Virtually', only the events of applications that are run inside the container are displayed.

    Contained by

    Show events where the file was isolated by a specific module or user.


     

     

    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your selected choice.


    Select the source(s) by which the applications were contained.

    • Containment Policy
    • User
    • Contained Process
    • Containment Service

    For example, if you choose 'Contains' and select the 'User' checkbox, then only events involving applications that were manually run inside the container are displayed.

    Parent Process

     

    Show files contained based on its source process.



    • Enter the name of the application associated with the process, that launched contained item as the search criteria for filtering the logs in the text field.

    For example, if you choose 'Contains' and enter the phrase 'RuntimeBroker.exe' in the text field, then all events containing the entry 'RuntimeBroker.exe' in the 'Parent Process' column are displayed.

    Parent Process ID

     

    Show events created by a source process ID.


    Select 'Contains' or 'Does Not Contain' from the drop-down menu.

    • Enter the process ID of the application associated, that launched contained item as the search criteria for filtering the logs in the text field.

    For example, if you choose 'Contains' and enter the ID '2612' in the text field, then all events containing the entry '2612' in the 'Parent Process ID' column will be displayed.

    Parent Process Hash

    Show events where items was contained based on its source process(es) specified by hash value(s) of executable file(s) associated with the source process(es).


    Select 'Contains' or 'Does Not Contain' from the drop-down menu.

    • Enter the SHA1 hash value of the executable file associated with the process, that launched contained item as the search criteria.


    Website Filtering Events


    Filter Category

    Description

    Parameters

    Website

    Show only events that involved a specific website.


    Select 'Contains' or 'Does Not Contain' from the drop-down menu.

    • Enter the website address in part or full, to filter the logs involving the website.

    For example, if you choose 'Contains' option from the drop-down and enter the phrase 'facebook.com' in the text field, then all events that involve the website 'facebook.com' in the 'Website' column are displayed.

    Category Name

    Show events that involved websites which are covered by a website filtering category.



    • Enter the website filter category name, to filter the logs involving the category

    For example, if you choose 'Contains' and enter the phrase 'Malware Sites' in the text field, then all events involving websites in the 'Malware Sites' category are displayed.

    Action

    Show only events that involved a specific response by CIS.


     

    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    Select the action(s) to filter the logs involving those action(s).

    • Allow
    • Block
    • Ask

    For example, if you choose 'Equal' and 'Block', then only events where websites blocked are displayed.


    Device Control Events

    Filter Category

    Description

    Parameters

    Name

     Filter the entries based on the type of the device.


    • Enter the type of the device in full or part as your filter criteria in the text field.

    For example, if you choose 'Contains' and type 'USB Input Device' in the text field, you will see logs related to USB input devices like keyboards, mice and finger print scanners.

    Identifier

     Filter entries based on the device ID of the external device.


    • Enter the device ID of the device in full or part as your filter criteria in the text field.

    For example if you have chosen 'Contains' and entered 'USBVID_0627&PID_0001', in the text field only those log entries related to external devices whose device ID contains the string are displayed.

    Class

     Filter the entries based on the GUID of the device

    • Enter a Device Class ID (GUID) in part or full as your search criteria

    For example, if you select 'Contains' option from the drop-down field and enter '4D36E967', then all events containing the entry '4D36E967' in the 'Class' field are displayed..

    State

     Filter events based on whether the device connection attempt was allowed or blocked.

    Select the parameter to refine your search.

    • Enabled
    • Disabled


    Autorun Events

     

    Filter Category

    Description

    Parameters

    Type

    Filter entries based on the class of autorun.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    Select the parameter(s)

    • Windows Service
    • Autostart entry
    • Scheduled task

    Location

     Filter entries based on application path.


    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your selected choice.

    • Enter the location or a part of it as your filter criteria in the text field.

    For example if you have chosen 'Contains' and entered 'C:/Program Files (x86)/Cuckoo Files/Cuckoo.exe in the text field, then only log entries with the same value in the 'Path' column are displayed.

    Modifier

     Filter logs by the file or user that launched the event.


    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your choice.

    • Enter the location or a part of it as your filter criteria in the text field.

    For example if you choose 'Contains' and enter 'C:/Users/tester/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/UnknownAppUI3.exe' in the text field, then only log entries with the same value in the 'Path' column will be displayed.

    Action

    Filter the events based on CIS response to the detected threat.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' will invert your choice.

    • Ignore - CIS does not take any action
    • Terminate - CIS stops the process / service
    • Terminate and Disable - Auto-run processes will be stopped and the corresponding auto-run entry removed. In the case of a service, CIS disables the service.
    • Quarantine and Disable - Auto-run processes will be quarantined and the corresponding auto-run entry removed. In the case of a service, CIS disables the service.

    Detected By

    Filter the entries based on the CIS component that discovered the threat.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' will invert your choice


    Select the specific filter parameter to refine your search.

    • Autorun monitor
    • Antivirus Scan

    Status

    Filter the entries based on the success or failure of the action taken against the threat by CIS.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' will invert your choice

    Select the specific filter parameter to refine your search.

    • Success: Shows events where the actions against the detected threat were successful. For example, the malware was successfully quarantined.
    • Failure: Shows events where the intended actions against the detected threat were not successful. For example, the malware was not disinfected.


    Alerts

     

    Filter Category

    Description

    Parameters

    Advice

    Filter entries by the security recommendation in the alert.


    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' will invert your selected choice.

    • Enter the text or word as your filter criteria.

     For example, choose 'Contains' and enter the phrase 'you can safely allow this request' in the text field.

    Answer

    Filter the events based on what action the user selected at the alert.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    Select the parameter to refine your search.

    • Unknown
    • Allow
    • Deny
    • Treat as
    • Disinfect
    • Quarantine
    • Quarantine and reserve
    • Skip once
    • Add to exclusions
    • Add to trusted files
    • False positive
    • Skip
    • Terminate
    • Keep inside the Container
    • Run outside the Container
    • Deny and Terminate
    • Deny, Terminate and Reverse
    • Containment
    • Visit with Secure Browser
    • Run Unlimited
    • Run inside the Container
    • Blocked

    For example, if you choose 'Equal' from the drop-down and select the 'Add to exclusions' checkbox, only the alerts where you answered 'Ignore' > 'Ignore and Add to exclusions' are displayed.


    Answered

    Filter logs based on the date the user answered the alerts.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    • Enter or select the required date from the date picker

    For example, if you select 'Equal' and select '07/31/2017', only alerts answered on 07/31/2017 are displayed.

    Description

    Filter the entries based on the description of the attempt displayed in the alert.


    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your selected choice.

    • Enter the text or word as your filter criteria.

    For example, if you select 'Contains' from the drop-down and enter 'connect to the internet', only the log entries of firewall alerts that contain the phrase 'connect to the internet' in the description are displayed.

    Option

    Filter the log entries where the user selected an additional options like 'Remember my answer', 'Submit as False Positive' from the alert.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    Select the specific filter parameters to refine your search.

    • Remember
    • Restore point
    • Submit
    • Trusted publisher

    For example, if you choose 'Equal' from the drop-down and select 'Remember' from the checkbox options, only the log entries of alerts for which 'Remember my answer' option was selected are displayed.

    Treat as

    Filter events where the user chose specific actions on the alert. For example, 'treat as a safe application', 'treat as an installer' and so on.


    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your selected choice.

    • Enter the text or word as your filter criteria

    For example, if you have chosen 'Contains' from the drop-down and entered 'Installer' in the text field, only the log entries containing the phrase 'Installer' in the 'Treat As' column are displayed.

    Alert Type

    Filter the log entries based on the CIS component that triggered the alert.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    Select the specific filter parameters to refine your search.

    • Antivirus Alert
    • Firewall Alert
    • HIPS alert
    • Containment alert
    • VirusScope Alert
    • Network alert

    For example, if you select 'Equal' from the drop-down and select 'Antivirus Alert' checkbox, only the log of antivirus alerts are displayed.


    CIS Tasks


    Filter Category

    Description

    Parameters

    Code

    Filter the entries based on specified error code.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.


    • Enter the code or a part of it as your filter criteria in the text field.

    For example, if you have select 'Equal' and entered '0x80004004' in the text field, then only entries containing the value '0x80004004' in the 'Code' column are displayed.

    Completed

    Filter events based on tasks successfully finished on the specified date.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    • Enter or select the required date from the date picker

    For example, if you choose 'Equal' and select '08/01/2019', only the logs of tasks completed on 08/01/2019' are displayed.

    Parameter

    Filter the entries based on the specified parameter. A 'parameter' is a sub-type of the main task type. For example, 'Quick Scan' and 'Rating Scan' are both parameters of the main task type 'Antivirus Scan'.


    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your selected choice.

    • Enter the text or word as your filter criteria.

    For example, if you choose 'Contains' option from the drop-down and enter the phrase 'Quick Scan' in the text field, then only the entries of 'Antivirus Scan Tasks' with the scan parameter 'Quick Scan' are displayed.

    Type

    Filter the entries based on the CIS tasks category.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    Select the specific filter parameters to refine your search.

    • Antivirus update
    • Antivirus scan
    • Log Clearing
    • Product upgrade
    • Binary update
    • File Rating DB Upgrade
    • Purge file list
    • Virtual Desktop Session
    • Reset the Container
    • DLP Discovery Scan

    File List Changes


    Filter Category

    Description

    Parameters

    Location

    Filter the entries based on the file path whose trust rating was changed.


    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your selected choice.


    • Enter the location or a part of it as your filter criteria in the text field.

    For example if you have chosen 'Contains' and entered 'C:/Program Files (x86)/Cuckoo Files/Cuckoo.exe in the text field, then only log entries with the same value in the 'Path' column are displayed.

    Modifier

    Filter events based on who changed the file rating.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    Select the filter parameter to refine your search

    • Administrator
    • User
    • Comodo

    For example, if you select 'Equal' from the drop-down and select 'User' checkbox, only logs of changes done by the users are displayed.

    Action

    Filter the entries based on the file activity.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    Select the filter parameter to refine your search

    • Added
    • Changed
    • Removed

    For example, if you select 'Equal' from the drop-down and select 'Removed' checkbox, only the logs of files that were removed from the file list are displayed.

    Rating Source

     

    Filter the entries by who provided the file rating


    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your selected choice.

     

    Ratings can be provided by:

    • Administrator
    • Administrator (by Vendor)
    • User
    • User (by Vendor)
    • AV database
    • Trusted installer
    • FLS
    • FLS (by Vendor)
    • Valkyrie
    • SmartScreen
    • Signed by Comodo
    • Signed by Microsoft
    For example, if you select 'Equal' from the drop-down and select 'User' checkbox, only the logs of files that were rated by the users are displayed.

    Old Rating

     

    Filter the entries by who provided the file rating


    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your selected choice.

    Select the filter parameter to refine your search

    • Unrecognized
    • Trusted
    • Malicious

    For example, if you select 'Contains' from the drop-down and select 'Unrecognized' checkbox, only the logs of files that are rated as 'Unrecognized' in the 'Old Rating' column are displayed.

    New Rating

     

    Filter logs by the trust rating of files after the change


    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your selected choice.

    Select the filter parameter to refine your search

    • Unrecognized
    • Trusted
    • Malicious

    For example, if you select 'Contains' from the drop-down and select 'Malicious' checkbox, only the logs of files that are rated as 'Malicious' in the 'New Rating' column are displayed.

    File Hash

     

    Filter logs by hash value


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice

    • Enter the SHA1 hash value of the file in the text field to refine your search


    Vendor List Changes


    Filter Category

    Description

    Parameters

    Vendor

    Filter logs by the software publisher name whose trust rating was changed.


    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your selected choice.


    Type the name of the vendor in full or part in the text field.


    For example if you choose 'Contains' and enter ‘Digital’ in the text field, only those log entries related to the vendors who has contain ‘Digital’ as a part in their name are displayed.

    Modifier

    Filter logs by who changed the vendor rating.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' will invert your choice.

    Select the filter parameter to refine your search

    • Administrator
    • User
    • Comodo

    For example, if you select 'Equal' from the drop-down and select 'User' checkbox, only logs of changes done by the users are displayed.

    Action

     

     

    Filter logs by the type of change made to the vendor list.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice

     

    Possible actions:

    • Added
    • Changed
    • Removed

    For example, if you select 'Equal' from the drop-down and select 'Removed' checkbox, only the logs of vendors that were removed from the vendor list are displayed.

    Property

     

     

    Filter logs by the entity that provided the vendor rating.


    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your selected choice.

     

    Entities that can provide trust ratings:

    • Administrator Rating
    • User Rating
    • Comodo Rating

    For example, if you select 'Equal' from the drop-down and select 'User Rating' checkbox, only the logs of vendors that were rated by users are displayed.

    Old Rating

     

    Filter logs by the trust rating of the vendor before the change


    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your selected choice.

    Select the filter parameter to refine your search

    • Unrecognized
    • Trusted
    • Malicious

    For example, if you select 'Contains' from the drop-down and select 'Unrecognized' checkbox, only the logs of vendors that are rated as 'Unrecognized' in the 'Old Rating' column are displayed.

    New Rating

     

    Filter logs by the vendor’s trust rating after the change.


    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your selected choice.

     

    Possible new trust ratings are:

    • Unrecognized
    • Trusted
    • Malicious

    For example, if you select 'Contains' from the drop-down and select 'Malicious' checkbox, only the logs of vendors that are rated as 'Malicious' in the 'New Rating' column are displayed.


    Trusted Certificate Authorities

    Filter Category

    Description

    Parameters

    Vendor

    Filter logs by the software publisher name whose trust rating was changed.

    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your choice.


    Type the name of the vendor in full or part in the text field.

    For example if you choose 'Contains' and enter ‘Digital’ in the text field, only those log entries related to the vendors who has contain ‘Digital’ as a part in their name are displayed.

    Modifier

    Filter logs by who changed the trusted certificate authorities rating

    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    Select the filter parameter to refine your search.

    • User

    • Comodo

    For example, if you select 'Equal' from the drop-down and select 'User' checkbox, only logs of changes done by the users are displayed.

    Action

    Filter logs by the type of change made to the trusted certificate authorities list.

    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    Possible actions:

    • Added

    • Changed

    • Removed

    For example, if you select 'Equal' from the drop-down and select 'Removed' checkbox, only the logs of trusted certificate authorities that were removed from the vendor list are displayed.

    Property

    Filter logs by the entity that provided the trusted certificate authorities rating

    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your choice.

    Entities that can provide trust ratings:

    • Administrator Rating

    • User Rating

    • Comodo Rating

    For example, if you select 'Equal' from the drop-down and select 'User Rating' checkbox, only the logs of trusted certificate authorities that were rated by users are displayed.

    Old Rating

    Filter logs by the trust rating of the trusted certificate authorities before the change.

    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your choice.

    Select the filter parameter to refine your search.

    • Unrecognized

    • Trusted

    • Malicious

    For example, if you select 'Contains' from the drop-down and select 'Unrecognized' checkbox, only the logs of trusted certificate authorities that are rated as 'Unrecognized' in the 'Old Rating' column are displayed.

    New Rating

    Filter logs by the trusted certificate authorities's trust rating after the change.

    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain’ inverts your choice.

    Possible new trust ratings are:

    • Unrecognized

    • Trusted

    • Malicious

    For example, if you select 'Contains' from the drop-down and select 'Malicious' checkbox, only the logs of trusted certificate authorities that are rated as 'Malicious' in the 'New Rating' column are displayed.


    Configuration Changes

     

    Filter Category

    Description

    Parameters

    Action

     Filter logs by the type of change that was made. For example, rule modified, file exclusion created.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    Options are:

    • Added
    • Changed
    • Removed
    • Option changed

    Modifier

    Filter events based on who changed the configuration such as the user, administrator and response given to an alert.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    The possible modifiers are:

    • User
    • Auto learn
    • Antivirus Alert
    • Firewall Alert
    • HIPS alert
    • Containment alert
    • Scheduler
    • Comodo
    • Administrator

    For example, if you select 'Equal' from the drop-down and select 'User' checkbox, only logs of changes done by the users are displayed.

    Name

    Filter the entries based on object label that was affected by the configuration change, for example, Shared Spaces, Windows Management and so on.


    Select 'Contains' or 'Does Not Contain' option from the drop down menu. 'Does Not Contain' inverts your selected choice.

    Enter the object name as filter criteria in the text box.


    For example, if you choose 'Contains' then enter the phrase 'surfer.exe' in the text field, then you will only see logs with surfer.exe in the name column.

    Component

     

    Filter logs by the object modified by the action.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice

    Select the affected object.


    It is not possible to list all possible objects in this table. Please consult the list in the search interface.



     


    Secure Shopping Events


    Filter Category

    Description

    Parameters

    Website

    Show only events that involved a specific website.


    Select 'Contains' or 'Does Not Contain' from the drop-down menu.

    • Enter the website address in part or full, to filter the logs involving the website.

    For example, if you choose 'Contains' option from the drop-down and enter the phrase 'sc.com' in the text field, then all events that involve the website 'sc.com' in the 'Website' column are displayed.

    Action

    Filter logs by the type of secure shopping event activity.


    Select 'Equal' or 'Not Equal' from the drop down. 'Not Equal' inverts your choice.

    Possible activities:

    • Visit with Secure Browser
    • Visit in Secure Shopping Environments
    • Ask

    For example, if you select 'Equal' from the drop-down and select 'Visit with Secure Browser' checkbox, only the session initiated events are displayed in the ‘Action’ column.


     

    Our Products
    • Free Antivirus
    • Free Internet Security
    • Website Malware Removal
    • Free Anti-Malware
    • Anti-Spam (Free Trial)
    • Windows Antivirus
    • Antivirus for Windows 7
    • Antivirus for Windows 8
    • Antivirus for Windows 10
    • Antivirus for MAC
    • Antivirus for Linux
    • Free Endpoint Security
    • Free ModSecurity
    • Free RMM
    • Free Website Malware Scanner
    • Free Device Manager for Android
    • Free Demo
    • Network Security
    • Endpoint Protection
    • Antivirus for Android
    • Comodo Antivirus
    • Wordpress Security
    Cheap CDN
    • Bootstrap CDN
    • Semantic UI CDN
    • Jquery CDN
    • CDN Plans
    • CDN
    • Free CDN
    Enterprise
    • Patch Management Software
    • Patch Manager
    • Service Desk
    • Website Down
    • Endpoint Protection Solutions
    • Website Security Check
    • Remote Monitoring and Management
    • Website Security
    • Device Manager
    • ITSM
    • CRM
    • MSP
    • Android Device Manager
    • MDR Services
    • Managed IT Support Services
    • Free EDR
    Free SSL Certificate
    Support Partners Terms and Conditions Privacy Policy

    © Comodo Group, Inc. 2025. All rights reserved.