Endpoint Manager

• Introduction To Comodo Client - Security For Linux
  • Special Features
  • System Requirements
  • Install Comodo Client - Security For Linux
  • Start CCS For Linux
  • Understand CCS Alerts
• The Summary Screen
• Antivirus Tasks - Introduction
  • Run A Scan
  • Update Virus Database
  • Scheduled Scans
  • Quarantined Items
  • Scan Profiles
  • Scanner Settings
    • Real Time Scan
    • Manual Scan
    • Scheduled Scan
    • Exclusions
• More Options - Introduction
  • Preferences
    • Language Settings
    • Log Settings
    • Connection Settings
    • Update Settings
    • External Device Control Settings
  • Manage My Configurations
    • Comodo Preset Configuration
    • Import / Export And Manage Personal Configurations
  • Diagnostics
  • View Antivirus Events
    • Log Viewer Module
      • Antivirus Logs
        • Filter Antivirus Logs
      • Device Control Logs
        • Filter Device Control Logs
      • Alerts Displayed Logs
        • Filter Alerts Displayed Logs
      • Tasks Launched Logs
        • Filter Tasks Launched Logs
      • Configuration Change Logs
        • Filter Configuration Change Logs
  • Browse Support Forums
  • Help
  • About
• Appendix 1 - CCS For Linux How To Tutorials
  • Scan Your Computer For Viruses
  • View Antivirus Events
  • Configure Database Updates
  • Quickly Set Up Security Levels
  • Change CCS Language Settings
  • Run An Instant Antivirus Scan On Selected Items
  • Create A Scheduled Scan
  • Restore Incorrectly Quarantined Item(s)
  • Switch Off Automatic Antivirus Updates
  • Control External Device Accessibility
• About Comodo Security Solutions

Filter Antivirus Logs

You can create custom views of all logged events according to the following criteria:

• Action - Filter events according to the response (action taken) by the antivirus

• Location - Filter events by the path at which the malware was found

• Malware Name - Display only those events that reference a specific piece of malware

• Status - Filter events according to whether the attempted action was successful or not. Status options are 'Success' or 'Fail'

Configure Event Filters

• Open Comodo Client Security

• Click 'More' > 'View Antivirus Events'

• Click the 'More' button to open the log viewer module

• Select 'Antivirus Events' in the left-menu

• Right-click inside the log viewer module and select 'Advanced Filter'

OR

• Click 'View' on the menu bar and select 'Advanced Filter' 

There are 4 types of filter. Each of these can be further refined by selecting or deselecting specific parameters.

• Select a filter criteria and click 'Add'

 

1. Action: Filter logs by the response to the threat. You can then select a specific action. For example, only show events where the threat was quarantined.

 

• Select 'Equal' or 'Not Equal' from the drop-down.

• Equal – Show only events which feature the action you select. You can select multiple actions.

• Not Equal - Inverts your choice. For example, select 'Not Equal' + 'Ignore' to view every event except those that were ignored.

• Choose the events you want to view:

• Quarantine: Events where the threat was placed in quarantine

• Remove: Events where the user chose to delete a threat

• Ignore: Events where the user allowed the threat to proceed

• Detect: Events where a piece of malware was first identified

• Ask: Events where the user was asked to provide a response to a discovered threat. Users are asked for their response at an alert, or the results screen at the end of a scan. The response from the user might be 'Quarantine', 'Remove', 'Ignore' or 'Restore'.

• Restore: Events where the user removed the threat from quarantine and moved it back to its original location.

2. Location: View logs that concern files at a specific path. You need to enter the path in the field provided:

• Select 'Contains' or 'Does Not Contain' from the second drop-down:

• Contains - Show only events which concern items at the location you specify. You can add multiple locations

• Does Not Contain – Inverts your choice. Show all events except those at the location you specify

3. Malware Name: Filter logs by the label of the malicious item. You need to enter the name of the malware in the field provided:

• Select 'Contains' or 'Does Not Contain' from the second drop-down:

• Contains – Show only events which concern the malware named in the text field. You can add multiple malware names.

• Does Not Contain – Inverts your choice. Show all events except those that involve the malware you specify.
  

4. Status: Filter logs by whether or not the action taken on the threat was successful. You can view only successful actions, or only failed actions.

 

• Select 'Equal' or 'Not Equal' from the drop-down.

• Equal - Show only events which feature the result you select.

• Not Equal - Inverts your choice. For example, select 'Not Equal' + 'Success' to view every event except those that were successful.

• Choose the outcomes you want to view:

• Success: View events where the task in the 'Action' column was completed.

• Failure: View events where the task in the 'Action' column was not completed.