Xcitium Enterprise

• Introduction To Xcitium Client Security
  • Special Features
  • System Requirements
  • Install Xcitium Client Security
  • Start Xcitium Client Security
  • The Main Interface
    • The Home Screen
    • The Tasks Interface
    • The Widget
    • The System Tray Icon
  • Understand Security Alerts
  • Password Protection
• General Tasks - Introduction
  • Scan And Clean Your Computer
    • Run A Quick Scan
    • Run A Full Computer Scan
    • Run A Rating Scan
    • Run A Custom Scan
      • Create, Schedule And Run A Custom Scan Profile
    • Automatically Scan Unrecognized And Quarantined Files
  • Instantly Scan Files And Folders
  • Process Infected Files
  • Manage Virus Database Updates
  • Manage Blocked Autoruns
  • Manage Quarantined Items
• Firewall Tasks - Introduction
  • Configure Internet Access Rights For Applications
  • Stealth Your Computer Ports
  • Manage Network Connections
  • Stop All Network Activities
  • View Active Internet Connections
• Containment Tasks - Introduction
  • Run An Application In The Container
  • Reset The Container
  • Identify And Kill Unsafe Running Processes
  • Open Shared Space
  • The Virtual Desktop
    • Start The Virtual Desktop
    • The Main Interface
    • Run Browsers Inside The Virtual Desktop
    • Open Files And Run Applications Inside The Virtual Desktop
    • Pause And Resume The Virtual Desktop
    • Close The Virtual Desktop
• DLP Tasks - Introduction
  • Run Data Loss Prevention Scans
  • Manage DLP Quarantined Files
• Advanced Tasks - Introduction
  • Create A Rescue Disk
    • Download And Burn Comodo Rescue Disk
  • Remove Deeply Hidden Malware
  • Manage XCS Tasks
  • View XCS Logs
    • Antivirus Logs
    • VirusScope Logs
    • Firewall Logs
    • HIPS Logs
    • Containment Logs
    • Website Filtering Logs
    • Device Control Logs
    • Autorun Event Logs
    • Alerts Logs
    • XCS Tasks Logs
    • File List Changes Logs
    • Vendor List Changes Logs
    • Configuration Changes Logs
    • Virtual Desktop Event Logs
    • Data Loss Prevention Event Logs
    • Search And Filter Logs
  • Submit Files For Analysis To Xcitium
  • View Active Process List
• XCS Advanced Settings
  • General Settings
    • Customize User Interface
    • Configure Virus Database Updates
    • Log Settings
    • Manage XCS Configurations
      • Xcitium Preset Configurations
      • Personal Configurations
    • Manage Performance
  • Antivirus Configuration
    • Real-time Scanner Settings
    • Scan Profiles
  • Firewall Configuration
    • General Firewall Settings
    • Application Rules
    • Global Rules
    • Firewall Rule Sets
    • Network Zones
      • Network Zones
      • Blocked Zones
    • Port Sets
  • HIPS Configuration
    • HIPS Settings
    • Active HIPS Rules
    • HIPS Rule Sets
    • HIPS Groups
      • Registry Groups
      • COM Groups
  • Protected Objects
    • Protected Objects - HIPS
      • Protected Files
      • Blocked Files
      • Protected Registry Keys
      • Protected COM Interfaces
    • Protected Objects - Containment
      • Protected Files And Folders
      • Protected Keys
  • Data Loss Prevention
    • DLP Monitoring Rules
    • DLP Discovery Rules
    • DLP Keyword Groups
  • Containment Settings
    • Containment Settings
    • Auto-Containment Rules
    • Virtual Desktop Settings
    • Containment - An Overview
    • Unknown Files - The Scanning Processes
  • File Rating Configuration
    • File Rating Settings
    • File Groups
    • Submitted Files
  • Advanced Protection
    • VirusScope Settings
    • Scan Exclusions
    • Device Control Settings
    • Script Analysis Settings
    • Miscellaneous Settings
  • Web Filter Settings
    • Website Filtering Rules
    • Website Categories
• Appendix 1 - XCS How To... Tutorials
  • Enable / Disable AV, Firewall, Auto-Containment And VirusScope Easily
  • Set Up The Firewall For Maximum Security And Usability
  • Block Internet Access While Allowing Local Area Network (LAN) Access
  • Block / Allow Specific Websites To Specific Users
  • Set Up HIPS For Maximum Security And Usability
  • Create Rules To Auto-Contain Applications
  • Run An Instant Antivirus Scan On Selected Items
  • Create An Antivirus Scan Schedule
  • Run Untrusted Programs Inside The Container
  • Run Browsers Inside The Container
  • Restore Incorrectly Quarantined Items
  • Submit Quarantined Items To Xcitium Verdict Cloud For Analysis
  • Enable File Sharing Applications Like BitTorrent And Emule
  • Block Any Downloads Of A Specific File Type
  • Disable Auto-Containment On A Per-application Basis
  • Switch Off Automatic Antivirus Updates
  • Suppress XCS Alerts Temporarily
  • Control External Device Accessibility
• Appendix 2 - Xcitium Secure DNS Service
  • Router - Manually Enable Or Disable Xcitium Secure DNS
  • Windows - Enable Xcitium Secure DNS
• About Xcitium

Log Settings

• Click 'Settings' > 'General Settings' > 'Logging'.

• Xcitium Client Security keeps detailed records of all antivirus, firewall, HIPS, containment, device control, VirusScope and autorun events.

• Logs are also created for 'Alerts Displayed', 'Tasks Launched', 'File List' changes, 'Vendor list changes' and 'XCS Configuration Changes'.

• Log settings let you specify the storage location, the maximum size of log files, and how XCS should react if the maximum file size is exceeded.
  

Note: You can view logs themselves at 'Tasks' > 'Advanced Tasks' > 'View Logs'.

Configure Log settings

• Click 'Settings' on the XCS home screen

• Click 'General Settings' > 'Logging':
  

 

Logging

• Write to local log database (COMODO format) - Enable or disable logs in Comodo format.(Default = Enabled)

• Write to Syslog Server (CEF Format) - XCS forwards the logs to an external Syslog server integrated with Xcitium Enterprise. Enter the IP/hostname and port of the Syslog server in fields provided. (Default = Disabled)
  

• Write to remote server (JSON format) - XCS forwards the logs over https to a server integrated with Xcitium Enterprise. (Default = Disabled)

• Host - Enter the IP address or the host name of the server

• Port - The port through which the server listens to the XCS logs

• Token - Enter the client authentication token so XCS can connect and forward logs to the server. The token is generated when you configure the HTTP Event Collector (HEC) on the server.

• See https://docs.splunk.com/Documentation/Splunk/7.2.6/Data/UsetheHTTPEventCollector if you need help to setup the event collector and generate a token.

• Enter the IP/hostname and port of the server in fields provided. Enter the security token to access the remote server in the field provided.

• Write to Log file (CEF) Format - XCS stores the logs at a specific local or network location. Click 'Browse' to select the storage location. (Default = Disabled)

• Write to Windows Event Logs - XCS logs are appended to 'Windows Event' logs. (Default = Enabled)

• Type 'Event Viewer' in Windows search to view Windows logs

Log File Management

• Specify what should happen when the log file reaches a certain size. You can choose keep the older logs or discard them.

• When log file reaches - Enter the maximum size of a log file in MB. (Default = 100MB)

• Keep on updating it removing the oldest records– When a log file reaches the max. size, XCS will delete the earliest log entries to make room for the new entries. (Default = Enabled)

• Move it to the specified folder – When a log file reaches the max. size, XCS starts a new log file and moves the old one to a folder of your choice. (Default = Disabled)

• Select the option and click 'the specified folder' to choose the storage folder:
  

 

The selected folder path will appear beside 'Move it to'.

User Statistics

• Send anonymous program usage statistics to Comodo - Xcitium collects usage details so we can analyze how our users interact with XCS. This real-world data allows us to create product improvements which reflect the needs of our users. If you enable this option, XCS will periodically send usage data to Xcitium servers through a secure, encrypted channel. Your privacy is not affected because the data is anonymized. Disable this option if you don't want to send usage details to Xcitium. (Default = Enabled)

• Click 'OK' for your changes to take effect.