View Antivirus Scan History
The antivirus tab shows malware discovered on your managed endpoints. You can also see the malware installation path and quarantined items.
You can only view scan history on endpoints that have Xcitium Client Security installed. The scan history covers manual scans and automatic scans which ran as part of a profile.
View Device Scan history
- Click the 'Devices' > 'Device List'
- Click
the 'Device Management' tab
- Select a company or a group to view their devices
Or
- Select 'Show all' on the left to view every device enrolled to EM
- Click on the name of a Windows device then click the 'Antivirus' tab
- Quarantined Files – Shows files placed in quarantine on the device
- Open
the ‘Quarantined Files’
tab
Column Header |
Description |
---|---|
File Name |
The file that was moved to quarantine. |
File Path |
The location of the identified file on the device |
File Hash |
The SHA1 hash value of the quarantined file |
Date Quarantined |
Date and time at which the malware was identified and moved to quarantine on the device. |
Xcitium Rating |
The file's trust level as rated by XCS. |
Admin Rating |
The trust rating of the file as set by the administrator. Files can be rated as trusted, malicious or unrecognized. |
User’s last action |
The response to the quarantined item by the EM admin. |
User’s last action status |
The current status of the response. The possible statuses are: Operation failed. Try again. Command is queued Command has been sent |
- Click 'Request quarantined files' to import the list of most recently quarantined files from the device
The quarantine interface lets you:
Restore False Positives from Quarantine
You can restore items from quarantine to their original location. This is useful if an identified item is a false positive, or a trustworthy file.
- Select the items from the list
- Click 'Restore file(s) on Device' on the top
- The
items are restored to its original location on the device and
removed from the list.
Remove Malware files from the devices
You can permanently delete items from the device, if identified items are genuine malware.
- Select the items from the list
- Click 'Delete file(s) from Device' on the top
The items are deleted permanently from the device and removed from the list.
Rate files as 'Unrecognized', 'Trusted' or 'Malicious'
You can set a trust rating for items in quarantine as 'Admin Rating'. The admin rating supersedes the Xcitium rating for a file.
- Select the items from the list
- Click 'Rate as Unrecognized', 'Rate as Trusted' or 'Rate as Malicious' appropriate to the rating you want to assign to the items.
A confirmation is shown and the command is sent to the device.
- Files rated as 'Malicious' will stay in quarantine on the device.
- Files rated as 'Unrecognized' will be restored to their original locations on the device. Future AV scans may flag them as 'malicious' again.
- Files rated as 'Trusted' will be restored to their original locations in the device. These files will be white-listed and skipped by future antivirus scans.