Threats Management

You can view the list of detected threats and manage the reaction to them on the Threats page.

This page contains the full list of threats detected by the components of Dr.Web for UNIX Internet Gateways that monitor and scan the file system. In the upper part of the page, you can see a menu which allows filtering the threats by their category:

All—show all detected threats (including both active and quarantined threats).

Active—show only active threats, that is, threats that were detected but not yet neutralized.

Blocked—show all blocked threats, that is, threats that were not neutralized, but for which the infected objects containing them were blocked.

Quarantined—show threats that were moved to quarantine.

Errors—show threats that were not processed because of an error.

To the right of each category name in the upper menu, the number of detected threats in that category is displayed. The currently selected category is shown in a darker font. To display threats of a particular category, click its name in the menu.

Threats detected by the components that scan network traffic (SpIDer Gate, Dr.Web ICAPD) and by Dr.Web ClamD are not displayed on the Threats page. To track threats detected by these components, monitor the threat counters and notifications available via SNMP (Dr.Web SNMPD provides access to threat counters and notifications according to the Dr.Web MIB structure).

For each threat, the following information is listed:

File—name of the file that contains a malicious object (file path is not specified).

Owner—name of the user who owns the infected file.

Component—name of the component of Dr.Web for UNIX Internet Gateways that detected the threat.

Threat—name of the threat that was detected in the file (according to the classification used by the Doctor Web company).

For any object selected in the list, the following information is displayed:

Name of the threat (displayed as a link that opens a page of the Dr.Web virus information library with the threat’s description).

File size, in bytes.

Name of the component that detected the threat.

Date and time when the threat was detected.

Date and time when the threat was last modified.

Name of the user who owns the infected file.

Name of the group that includes the file owner.

Identifier that was assigned to the quarantined file containing a threat (if the file was quarantined).

Full path that points to the original location of the file (where the file was located at the moment of threat detection).

You can select any object in the list by clicking it. To select multiple objects, select the checkboxes for the corresponding objects. To select all objects or cancel the selection, select the checkbox in the File field in the threat list’s header.

To apply actions to objects selected in the list, click the corresponding button on the toolbar, which is located directly above the threat list. The toolbar contains the following buttons (note that some of them can be unavailable depending on the type of selected threats):

—instructs to remove (i.e. to permanently delete) selected files.

—instructs to restore selected files from quarantine to their original location.

—instructs to apply an additional action to selected files (available actions are specified in the drop-down list):

Quarantine—instructs to move the selected files that contain threats to quarantine.

Cure—instructs to attempt to cure the threats.

Ignore—instructs to ignore the threats detected in selected files and to remove the threats from the list.

You can also filter displayed threats based on a search query. To hide irrelevant threats and display only those that match the query, use the search box. The box is displayed on the right side of the toolbar and is marked with . To filter the threat list, enter a word in the search box. All threats that do not have the entered word in their name or description will be hidden (this filtering is not case-sensitive). To clear search results and display the unfiltered list, click in the search box or erase the word.