Filtering File List Changes Logs
CCS allows you to create custom views of all logged events according to user-defined criteria. You can use the following types of filters:
Clicking on the handle at the bottom enables you to filter the logs for a selected time period:
- Today - Displays all logged events for today.
- Current Week - Displays all logged events during the current week. (The current week is calculated from the Sunday to Saturday that holds the current date.)
- Current Month - Displays all logged events during the month that holds the current date.
- Entire Period - Displays every event logged since Comodo Client Security was installed. (If you have cleared the log history since installation, this option shows all logs created since that clearance).
- Custom Filter - Enables you to select a custom period by choosing the 'From' and 'To' dates under 'Please Select Period'.
Alternatively, you can right-click inside the log viewer module and choose the time period.
Having chosen a preset time filter, you can further refine the displayed events according to specific filters. The following filters are available for File List logs:
- Location - Displays only the events logged from a specific location.
- Modifier - Indicates the user that has made the file change.
- Action - Indicates the action taken by File List Changes in response to the event.
- Property - Indicates the current rating of the file as per the analysis result from Comodo.
- Old Value - Displays the old value of the files, programs and applications.
- New Value - Displays the new value of the files, programs and applications.
To configure Advanced Filters for File List Changes Logs:
- Click the funnel button from the title bar. The Advanced Filter interface for 'File List Changes' logs will open.
- Select the filter from the 'Advanced Filter' drop-down and click 'Add' to apply the filter.
You have 6 categories of filters that you can add. Each of these categories can be further refined by either selecting or deselecting specific filter parameters or by the user typing a filter string in the field provided. You can add and configure any number of filters in the 'Advanced Filter' dialog.
The following options are available in the 'Advanced Filter' drop-down:
i. Location: The 'Location' option enables you to filter the log entries related to events logged from a specific location. Selecting the 'Location' option displays a drop-down field and text entry field.
- Select the 'Contains' or 'Does Not Contain' option from the drop-down field.
- Enter the text or word that needs to be filtered.
For example, if you select the 'Contains' option from the drop-down and enter the phrase 'C:/Program Files' in the text field, then all events containing the entry 'C:/Program Files' in the Location field will be displayed. If you select the 'Does Not Contain' option from the drop-down field and enter the phrase 'C:/Program Files' in the text field, then all events that do not have the entry 'C:/Program Files' will be displayed.
ii. Modifier: The 'Modifier' option allows you to filter the log entries based on the entity that is responsible for the file change. It can be the user, administrator or Comodo. Selecting the 'Modifier' option displays a drop-down box and a set of specific filter parameters that can be selected or deselected.
a. Select the 'Equal' or 'Not Equal' option from the drop-down box. 'Not Equal' will invert your selected choice.
b. Select which entities effected the change. The parameters available are:
- User
- Comodo
- Administrator
For example, if you choose 'Equal' in the drop-down and select the 'User' checkbox, then only entries related to changes effected by users will be displayed.
iii. Action: The 'Action' option allows you to filter the log entries based on the action executed, such as files or applications being removed, added or changed. Selecting the 'Action' option displays a drop-down box and a set of specific filter parameters that can be selected or deselected.
a. Select the 'Equal' or 'Not Equal' option from the drop-down box. 'Not Equal' will invert your selected choice.
b. Now select the checkboxes of the specific filter parameters to refine your search. The parameters available are:
- Added
- Changed
- Removed
For example, if you choose 'Equal' in the drop-down and select the 'Added' checkbox, then only the log entries with the value 'Added' in the 'Action' column will be displayed.
iv. Property: The 'Property' option allows you to filter the log entries based on the entity that is responsible for changing the user rating of the file. Selecting the 'Property' option displays a drop-down box and a set of specific filter parameters that can be selected or deselected.
- Select the 'Contains' or 'Does Not Contain' option from the drop-down menu.
- Enter the name of the change, partly or fully, as filter criteria in the text box.
For example, if you choose 'Contains' from the drop-down and enter the phrase 'File Lookup System Rating', then only log entries containing the text 'File Lookup System Rating' in the name column will be displayed.
v. Old Value: The 'Old Value' option allows you to filter the log entries by selecting the value of the parameter changed. Selecting the 'Old Value' option displays a drop-down field and text entry field.
a. Select the 'Contains' or 'Does Not Contain' option from the drop-down menu.
b. Enter the name of the change, partly or fully, as filter criteria in the text box.
For example, if you choose the 'Contains' option from the drop-down and select the 'Malicious' checkbox, only the log entries containing 'Malicious' in the 'Old Value' column will be displayed.
vi. New Value: The 'New Value' option allows you to filter the log entries by selecting the value of the parameter changed. Selecting the 'New Value' option displays a drop-down field and text entry field.
a. Select the 'Contains' or 'Does Not Contain' option from the drop-down menu.
b. Enter the name of the change, partly or fully, as filter criteria in the text box.
For example, if you choose the 'Contains' option from the drop-down and select the 'Trusted' checkbox, only the log entries containing 'Trusted' in the 'New Value' column will be displayed.
Note: More than one filter can be added in the 'Advanced Filter' pane. After adding one filter type, select the next filter type and click 'Add'. You can also remove a filter type by clicking the 'X' button at the top right of the filter pane.
- Click 'Apply' for the filters to be applied to the 'File List Changes' log viewer. Only those entries selected based on your set filter criteria will be displayed in the log viewer.