Threats Management


You can view the list of detected threats and manage the reaction to them on the Threats page.

This page contains the full list of threats detected by the components of Dr.Web for UNIX File Servers that monitor and scan the file system. In the upper part of the page, you can see a menu which allows filtering the threats by their category:

All—show all detected threats (including both active and quarantined threats).

Active—show only active threats, that is, threats that were detected but not yet neutralized.

Blocked—show all blocked threats, that is, threats that were not neutralized, but for which the infected objects containing them were blocked (only for file storages monitored by SpIDer Guard for SMB).

Quarantined—show threats that were moved to quarantine.

Errors—show threats that were not processed because of an error.

To the right of each category name in the upper menu, the number of detected threats that fall into this category is displayed. The currently selected category, whose threats are shown in the list, is emphasized in a darker font. To display threats of the required category, click the name of the category in the menu.

For each threat, the following information is listed:

File—name of the file that contains a malicious object (file path is not specified).

Owner—name of the user who owns the infected file.

Component—name of the component of Dr.Web for UNIX File Servers that detected the threat.

Threat—name of the threat that was detected in the file (according to the classification used by the Doctor Web company).

For any object selected in the list, the following information is displayed:

Name of the threat (displayed as a link that opens a page of the Dr.Web virus information library with the threat’s description).

File size, in bytes.

Name of the component that detected the threat.

Date and time when the threat was detected.

Date and time when the threat was last modified.

Name of the user who owns the infected file.

Name of the group that includes the file owner.

Name of the user who uploaded the file to the file server (only for file storages monitored by SpIDer Guard for SMB).

Identifier that was assigned to the quarantined file containing a threat (if the file was quarantined).

Full path that points to the original location of the file (where the file was located at the moment of threat detection).

You can select any object in the list by clicking it. To select multiple objects, select the checkboxes for the corresponding objects. To select all objects or cancel the selection, select the checkbox in the File field in the threat list’s header.

To apply actions to objects selected in the list, click the corresponding button on the toolbar, which is located directly above the threat list. The toolbar contains the following buttons (note that some of them can be unavailable depending on the type of selected threats):

—instructs to remove (i.e. to permanently delete) selected files.

—instructs to restore selected files from quarantine to their original location.

—instructs to apply an additional action to selected files (available actions are specified in the drop-down list):

Quarantine—instructs to move the selected files that contain threats to quarantine.

Cure—instructs to attempt to cure the threats.

Ignore—instructs to ignore the threats detected in the selected files and to remove the threats from the list.

Note that managing threats detected on NSS volumes requires SpIDer Guard for NSS to be installed and started.

If Quarantine is specified in the settings of SpIDer Guard for NSS (which monitors NSS volumes) as an action that must be automatically applied to some threat type, an object containing a threat of this type is placed in quarantine again on any attempt to restore it from quarantine to an NSS volume. For example, the default settings of this monitor move all incurable objects to quarantine. This is why any incurable object restored from quarantine to an NSS volume is automatically returned to quarantine.

You can also filter the displayed threats with a search query. To hide unnecessary threats and display only those that match the query, use the search box, which is displayed on the right side of the toolbar and is marked with an icon. To filter the threat list, enter a word in the search box. All threats that do not have the entered word in their name or description will be hidden (this filtering is not case-sensitive). To clear the search results and display the unfiltered list, click in the search box or erase the word.