Find the desired product help

View Antivirus Scan History

 

The antivirus tab shows malware discovered on your managed endpoints. You can also see the malware installation path and quarantined items.


You can only view scan history on endpoints that have Xcitium Client Security installed. The scan history covers manual scans and automatic scans which ran as part of a profile.


View Device Scan history

  • Click the 'Devices' > 'Device List'
  • Click the 'Device Management' tab
  • Select a company or a group to view their devices
Or
  • Select 'Show all' on the left to view every device enrolled to EM
  • Click on the name of a Windows device then click the 'Antivirus' tab


Quarantined Files

  • Open the ‘Quarantined Files’ tab



Column Header

Description

File Name

The file that was moved to quarantine.

File Path

The location of the identified file on the device

File Hash

The SHA1 hash value of the quarantined file

Date Quarantined

Date and time at which the malware was identified and moved to quarantine on the device.

Xcitium Rating

The file's trust level as rated by XCS.

Admin Rating

The trust rating of the file as set by the administrator. Files can be rated as trusted, malicious or unrecognized.

User’s last action

The response to the quarantined item by the EM admin.

User’s last action status

The current status of the response. The possible statuses are:


Operation failed. Try again.


Command is queued


Command has been sent


  • Click 'Request quarantined files' to import the list of most recently quarantined files from the device

The quarantine interface lets you:

Restore False Positives from Quarantine


You can restore items from quarantine to their original location. This is useful if an identified item is a false positive, or a trustworthy file.

  • Select the items from the list
  • Click 'Restore file(s) on Device' on the top
  • The items are restored to its original location on the device and removed from the list.

Remove Malware files from the devices


You can permanently delete items from the device, if identified items are genuine malware.

  • Select the items from the list
  • Click 'Delete file(s) from Device' on the top

The items are deleted permanently from the device and removed from the list.


Rate files as 'Unrecognized', 'Trusted' or 'Malicious'


You can set a trust rating for items in quarantine as 'Admin Rating'. The admin rating supersedes the Xcitium rating for a file.

  • Select the items from the list
  • Click 'Rate as Unrecognized', 'Rate as Trusted' or 'Rate as Malicious' appropriate to the rating you want to assign to the items.

A confirmation is shown and the command is sent to the device.

  • Files rated as 'Malicious' will stay in quarantine on the device.
  • Files rated as 'Unrecognized' will be restored to their original locations on the device. Future AV scans may flag them as 'malicious' again.
  • Files rated as 'Trusted' will be restored to their original locations in the device. These files will be white-listed and skipped by future antivirus scans.