Example analysis using ePolicy Orchestrator 4.5 or 4.6

You can use the steps in this example analysis as a framework for analyzing most VirusScan Enterprise protection scenarios using ePolicy Orchestrator 4.5 or 4.6.

Before you begin

You must have direct or remote access to a VirusScan Enterprise protected system to perform this example analysis.

Task

For option definitions, click ? in the interface.

  1. Use one of the following to determine where and when the attacks occurred:
    • From the ePolicy Orchestrator 4.5 or 4.6 console, click Menu | Reporting | Queries and the Queries pane appears. Type Malware as a Quick find search and click Apply. The Malware Detection History query appears in the Queries list. To find
  2. Select the query and click Actions | Run and the query returns the number of recent attacks.
  3. To determine what malware was used in the attack, click Menu | Reporting | Threat Event Log and the Threat Event Log appears.
  4. Double-click the log event and the details page appears in the pane. You can determine the following from this output:
    • Threat Source IP Address and target are shown to help you determine what actions to take.
    • Threat Name and Threat Type describe what malware was used in the attack.
    • Threat Event Descriptions describe how the attack affected the system and what actions were taken on the threat.
  5. Use the information in the previous step to determine whether the source or target system needs its virus protection settings modified, or whether you want to take some other action.
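
The following added example is not part of the product documentation or of ePolicy Orchestrator. It shows one way to triage threat events for step 5 once they are available as CSV text, grouping them by source to show where and when detections occurred. The sample rows are constructed, and the column headers "Event Time", "Threat Target" and "Action Taken", the CSV layout, and the review thresholds are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows, not real ePolicy Orchestrator output. Column names
# follow the detail-page fields named in step 4; "Event Time", "Threat Target"
# and "Action Taken" are assumed headers.
SAMPLE_EXPORT = """\
Event Time,Threat Source IP Address,Threat Target,Threat Name,Threat Type,Action Taken
2012-03-01 09:14:02,192.0.2.15,HOST-A,EICAR test file,test,deleted
2012-03-01 09:20:45,192.0.2.15,HOST-B,EICAR test file,test,deleted
2012-03-01 11:02:10,192.0.2.15,HOST-B,EICAR test file,test,delete failed
2012-03-02 16:30:00,198.51.100.7,HOST-C,Example.Trojan,trojan,cleaned
"""

def summarize(export_text):
    """Group threat events by source so repeat sources and failed actions stand out."""
    by_source = defaultdict(lambda: {"targets": set(), "threats": set(),
                                     "first": None, "last": None,
                                     "events": 0, "unresolved": 0})
    for row in csv.DictReader(io.StringIO(export_text)):
        s = by_source[row["Threat Source IP Address"].strip()]
        when = row["Event Time"].strip()  # fixed-width timestamps sort as text
        s["events"] += 1
        s["targets"].add(row["Threat Target"].strip())
        s["threats"].add((row["Threat Name"].strip(), row["Threat Type"].strip()))
        s["first"] = when if s["first"] is None else min(s["first"], when)
        s["last"] = when if s["last"] is None else max(s["last"], when)
        if "fail" in row["Action Taken"].lower():
            s["unresolved"] += 1  # the action on the threat did not succeed
    return dict(by_source)

def needs_review(summary, min_targets=2):
    """Sources that reached several targets or had a failed action (assumed thresholds)."""
    return sorted(ip for ip, s in summary.items()
                  if len(s["targets"]) >= min_targets or s["unresolved"] > 0)

if __name__ == "__main__":
    result = summarize(SAMPLE_EXPORT)
    for ip in needs_review(result):
        s = result[ip]
        print(ip, s["first"], "->", s["last"], sorted(s["targets"]),
              sorted(s["threats"]), "unresolved:", s["unresolved"])
```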