Containment Logs
- Click 'Tasks' > 'Advanced Tasks' > 'View Logs'
- Click the 'Show' drop-down at top-left
- Select 'Containment Events' from the menu
CIS records all actions taken by the containment module. Events that are recorded include:
- When you manually run an application in the container
- When an application is run in the container by an auto-containment rule
- When you use the Virtual Desktop
View Containment Logs
- Click 'Tasks' on the CIS home screen
- Click 'Advanced Tasks' > 'View Logs'
- Select 'Containment Events' from the 'Show' drop-down:
- Date & Time – When the event occurred
- Location – The installation path of the application that was run in the container
- Rating – The reputation of the contained application. The trust rating can be 'Trusted', 'Unrecognized' or 'Malicious'. Unrecognized files are run in the container until such time as they can be classified as 'Trusted' or 'Malicious'.
- Action – How the malware was handled by CIS. This is also the restriction level imposed on the application by the container
- Contained by – The CIS service, policy or user that placed the application in the container
- Alert – Click 'Related Alert' to view the notification generated by the event
Note: Containment alerts are shown when an installer or unknown application requires admin/elevated privileges to run. See Containment Settings for more details.
- Export – Save the logs as an HTML file. You can also right-click inside the log viewer and choose 'Export'
- Open log file – Browse to and view a saved log file
- Cleanup log file – Delete the selected event log
- Refresh – Reload the current list and show the latest logs
Click any column header to sort the entries in ascending / descending order.
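The 'Export' option above saves the log as an HTML file, which can then be reviewed outside the log viewer. The following Python script is an added example, not part of the Comodo documentation: it assumes the export is an HTML table whose header row uses the column names listed on this page, and all sample rows and values are constructed.

```python
from collections import Counter
from html.parser import HTMLParser

class TableRows(HTMLParser):
    """Collect the text of every <th>/<td> cell, grouped by <tr> row."""
    def __init__(self):
        super().__init__()
        self.rows, self._row, self._cell = [], None, None

    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._row = []
        elif tag in ("td", "th") and self._row is not None:
            self._cell = []

    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)

    def handle_endtag(self, tag):
        if tag in ("td", "th") and self._cell is not None:
            self._row.append(" ".join("".join(self._cell).split()))
            self._cell = None
        elif tag == "tr" and self._row is not None:
            self.rows.append(self._row)
            self._row = None

def parse_export(html_text):
    """Return one dict per event, keyed by the header row's column names."""
    parser = TableRows()
    parser.feed(html_text)
    header = next((r for r in parser.rows if "Location" in r and "Rating" in r), None)
    if header is None:
        raise ValueError("no header row with 'Location' and 'Rating' columns")
    body = parser.rows[parser.rows.index(header) + 1:]
    return [dict(zip(header, r)) for r in body if len(r) == len(header)]

def triage(events):
    """Count events per rating and return those not rated 'Trusted'."""
    counts = Counter(e["Rating"] for e in events)
    return counts, [e for e in events if e["Rating"] != "Trusted"]

# Constructed sample; the table layout is an assumption, not Comodo's documented format.
SAMPLE = r"""<table>
<tr><th>Date &amp; Time</th><th>Location</th><th>Rating</th><th>Action</th><th>Contained by</th><th>Alert</th></tr>
<tr><td>2024-01-05 10:12:03</td><td>C:\Users\alice\Downloads\setup.exe</td><td>Unrecognized</td><td>Run Virtually</td><td>Containment Policy</td><td>Related Alert</td></tr>
<tr><td>2024-01-05 10:40:51</td><td>C:\Tools\viewer.exe</td><td>Trusted</td><td>Run Virtually</td><td>User</td><td></td></tr>
<tr><td>2024-01-05 11:02:17</td><td>C:\Users\alice\AppData\Local\Temp\a.exe</td><td>Malicious</td><td>Blocked</td><td>Containment Policy</td><td></td></tr>
</table>"""
```

Calling `triage(parse_export(SAMPLE))` returns the per-rating counts and the 'Unrecognized' and 'Malicious' events, whose 'Location' and 'Contained by' fields show what ran and which policy or user contained it.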