Comodo Help
Find the desired product help
Comodo Endpoint Security Manager

Comodo Endpoint Security Manager

Administrator Guide v 2.1

English

Print Help Download Help
The Administrative Console > The Reports Area > Reports Gallery > CIS Log Report
  • Introduction To Endpoint Security Manager – SME
    • Software Components And System Requirements
    • Removing Incompatible Products
    • Installing And Configuring The Service
    • Key Concepts
    • Best Practices
    • Quick Start Guide
  • The Administrative Console
    • Logging-in To The Administrative Console
    • The Dashboard Area
      • Adding And Re-configuring Tiles
      • Quick Actions Tiles
      • Policy Status Tile
      • Endpoint Updates Tile
      • Endpoint Infections Tile
      • Connectivity Tile
      • Getting Started Tile
      • System Status Tile
      • License Status Tile
      • Software Tile
    • The Computers Area
      • Adding Endpoint Computers To ESM
        • Importing Computers By Automatic Installation Of Agent
        • Adding Computers By Manual Installation Of Agent And CIS
        • Updating Comodo Software On Managed Computers
      • Creating Endpoint Groups
      • Viewing Endpoints
      • Updating Endpoints
    • The Policies Area
      • Viewing Policies
      • Creating A New Policy
    • The Reports Area
      • Reports Gallery
        • Computer Details Report
        • CIS Configuration Report
        • Computer Infections Report
        • Quarantined Items Report
        • Antivirus Updates Report
        • CIS Log Report
        • Policy Compliance Report
        • Policy Delta Report
        • Malware Statistics Report
        • Top Ten Malware Report
      • Report Explorer
      • Report Settings
    • About
    • Logging Out Of ESM Console
  • How To... Tutorials
    • How To Connect CIS To CESM At The Local Endpoint
    • How To Configure CIS Policies - An Introduction
    • How To Set Up External Access From The Internet
    • How To Install CIS
  • Appendix 1 - The Service Configuration Tool
    • Start And Stop The ESM Service
    • Main Settings
    • Server Certificate
    • Internet And Mail Settings
    • Caching Proxy Settings
    • Viewing Database Event Log
  • About Comodo

CIS Log Report

 

The CIS installation in each target computer maintains a log of events for each of the Antivirus, Firewall and Defense+ components.

  • Antivirus - The Antivirus component documents the results of all actions it performed in an extensive but easy to understand log report. A detailed scan report contains statistics of all scanned objects, settings used for each task and the history of actions performed on each individual file. Log entries are also generated during real-time protection, and after updating the anti-virus database and application modules.

  • Firewall - The Firewall component records a history of all events/actions taken. Firewall 'Events' are generated and recorded for various reasons - including whenever an application or process makes a connection attempt that contravenes a rule in the Network Security Policy, or whenever there is a change in Firewall settings.

  • Defense+ - The Defense+ component records a history of all events/actions taken. Defense+ 'Events' are generated and recorded for various reasons. Examples include changes in Defense+ settings, when an application or process attempts to access restricted areas or when an action occurs that contravenes the Computer Security Policy.

The CIS Log report shows the log of events stored in the target computers for the selected component. The administrator can generate different log report for each of the component for viewing and printing/archival purpose.

 

To generate a 'CIS Log' report, click the 'logs' tile from the 'reports gallery' screen.

 







The 'Create CIS Log Report' wizard will start.

 

Step 1 - Select Report Type


The first step is to choose the CIS component for which you want to generate a log report.

 



  • Choose the component from Antivirus, Firewall and Defense+ and swipe the screen or click the right arrow to move to step 2 - Selecting targets

Step 2 - Selecting Targets

 

The 'Select Targets' screen will appear:

 



  • Select the group from the left hand side pane and select the member endpoint(s) for which you wish to generate the CIS Log report from the right hand side pane

  • Swipe the screen to the left or click the right arrow to move to step 2

 Step 3 - Selecting the Report Period

 

The next step is to choose the time period, that the report should include the log saved during it.

 



  • Specify the period start and end dates in the respective text fields in MM/DD/YYYY format. Alternatively, clicking the calendar icon at the right end of the text box displays a calendar to select the dates.

 

 Step 4 - Options

  • Generate downloadable report file- Select this option if you need to print or archive the report. You can choose the printable file to be generated in portable document (.pdf) or spreadsheet (.xls) format. On completion, the report generated can be downloaded to the administrator's computer.

Step 5 - Generate Report

  • Click the Finish icon  or swipe the screen to left to start generating the report.

Viewing the Report


  • The 'reports explorer' screen will be opened with the running reports tab selected. All the reports being generated currently will be listed with their status.



  • On completion of required report generation, select the report and click the details icon  . The report page will be displayed.


The report will contain a bar-graph summary of actions taken and the list of log entries for the component selected in step 1, recorded at the target endpoints selected at step 2 for the time period selected in step 3. If more than one computer is selected in step 2, the log reports are given for them one by one. The administrator can move through the successive pages by clicking the right arrow or the required page number at the bottom of the report.

 

Examples of:

  • Antivirus Log Report

  • Firewall Log Report

  • Defense+ Log Report

... are shown below.

 

At the bottom of each computer report, there may be additional log entries that can be displayed by clicking the pagination control .



Viewing Antivirus Log Report

 




Column Descriptions

  • Computer – Indicates the endpoint at which the threat was detected

  • Location - Indicates the location where the application detected with a threat is stored

  • Malware - Name of the malware event that has been detected

  • Action - Indicates action taken against the malware through Antivirus

  • Status - Gives the status of the action taken. It can be either 'Success' or 'Fail'

  • Date - Indicates the date and time of the event

Available Filters for Antivirus Log Report

 

The report screen allows the administrator to optimize the search by using the filter option. The available filters for the Antivirus Log report are:

  • Computer - Searches the report based on the name of the computer

  • Location - Searches the report based on the path where the malware is located in the endpoint

  • Malware - Filters the report based on malware name

  • Action - Filters the report based on the action taken whether detected or quarantined

  • Status - Filters the report based on the result of the action taken

  • Date - Searches the report based on the start date and end date

To filter the results:

  • Click the filter icon  in the respective column header to search for a particular item

  • Type or enter the filter criteria fully or partly or select and click 'Apply'

Only the entries that match the criteria will be displayed in the report.

  • Click 'Reset' to display all the items

Viewing Firewall Log Report

 




Column Descriptions

  • Application - Indicates which application or process propagated the event

  • Action - Indicates how the firewall has reacted to the connection attempt

  • Protocol - Represents the Protocol application attempted to use to create the connection. This is usually TCP/IP or UDP - which are the most heavily used networking protocols

  • Source IP - States the IP address of the host that made the connection attempt. This is usually the IP address of your computer for outbound connections

  • Source Port - States the port number on the host at the source IP which was used to make this connection attempt

  • Destination IP - States the IP address of the host to which the connection attempt was made. This is usually the IP address of your computer for inbound connections

  • Destination Port - States the port number on the host at the destination IP to which the connection attempt was made

  • Date - Contains precise details of the date and time of the connection attempt

Available Filters for Firewall Log Report

The report screen allows the administrator to optimize the search by using the filter option. The available filters for the Firewall Log report are:

  • Application - Searches the report based on the application name

  • Action - Filters the report based on action taken whether 'Blocked' or 'Asked'

  • Protocol - Filters the report based on the Protocol

  • Source IP - Searches the report based on source IP entered

  • Source Port – Filters the report based on the source port entered

  • Destination IP - Searches the report based on the destination IP

  • Destination Port - Filters the report based on the destination port entered

  • Date - Searches the report based on the start date and end date

To filter the results:

  • Click the filter icon  in the respective column header to search for a particular item

  • Type or enter the filter criteria fully or partly or select and click 'Apply'

Only the entries that match the criteria will be displayed in the report.

  • Click 'Reset' to display all the items

Viewing Defense+ Log Report

 



Column Descriptions

  • Computer – Indicates the endpoint at which the event has propagated

  • Application - Indicates which application or process propagated the event

  • Target - Represents the location of the target file

  • Date - Contains precise details of the date and time of the access attempt

Available Filters for Defense+ Log Report

The report screen allows the administrator to optimize the search by using the filter option. The available filters for the Defense+ Log report are:

  • Computer - Searches the report based on the computer name

  • Application - Searches the report based on the path where the application is located in the endpoint

  • Target - Filters the report based on the target location

  • Date - Searches the report based on the start date and end date

To filter the results:

  • Click the filter icon  in the respective column header to search for a particular item

  • Type or enter the filter criteria fully or partly or select and click 'Apply'

Only the entries that match the criteria will be displayed in the report.

  • Click 'Reset' to display all the items

Downloading the Report

If the administrator had opted for generating a printable report file in step 4, the report can be downloaded by clicking the Download icon  at the bottom of the report page.

Terms and Conditions Privacy Policy

© Comodo Group, Inc. 2013. All rights reserved.