Containment Logs
- Click 'Tasks' > 'Advanced Tasks' > 'View Logs'
OR
- Click 'Logs' in the advanced view of the CIS home screen
- Select 'Containment Events' from the drop-down at upper-left
CIS records all actions taken by the containment module. Events that are recorded include:
- When you manually run an application in the container
- When an auto-containment rule runs an application in the container
Each log entry contains the following details:
- Date & Time - When the event occurred
- Application - The installation path of the application that was run in the container
- Rating - The reputation of the contained application. The trust rating can be 'Trusted', 'Unrecognized' or 'Malicious'. Unrecognized files are run in the container until such time as they can be classified as 'Trusted' or 'Malicious'.
- Action - How the malware was handled by CIS. This is also the restriction level imposed on the application by the container.
- Contained by - The CIS service, policy or user that placed the application in the container
- Alert - Click 'Related Alert' to view the notification generated by the event
Note: Containment alerts are shown when an installer or unknown application requires admin/elevated privileges to run. See Containment Settings for more details.
- Parent Process - The program which spawned the contained process.
  - Click the name of the parent process to view the hierarchical order of processes
- Parent Process ID - The unique identifier that points to the process
- Parent Process Hash - The SHA1 hash value of the program which spawned the contained process.
- Export - Save the logs as an HTML file. You can also right-click inside the log viewer and choose 'Export'.
- Open log file - Browse to and view a saved log file.
- Cleanup log file - Delete the selected event log.
- Refresh - Reload the current list and show the latest logs.
Click any column header to sort the entries in ascending/descending order.