Threat Management

You can view a list of detected threats and manage a reaction to them on the Threats page.

This page displays the full list of threats detected by the components of Dr.Web Server Security Suite that monitor and scan the file system. At the top of the page, you can see a menu which allows filtration of threats on the basis of their categories:

All—display all detected threats (including both active and quarantined threats);

Active—display only active threats, that is, those that were detected but not neutralized yet;

Blocked—display those threats that were not neutralized, but access to files containing them was blocked for users (only with regard to file storage units monitored by SpIDer Guard for SMB);

Quarantined—display quarantined threats;

Errors—display threats whose processing has finished with an error.

To the right of the name of each category in the menu, a number of detected threats that fall into this category is displayed. To display threats of a required category, click its name in the menu.

For each threat, the following information is listed:

File—name of a file that contains a malicious object (a file path is not specified);

Owner—name of a user who owns the file with a threat;

Component—name of a component that detected the threat;

Threat—name of the threat detected in the file, as classified by the Doctor Web company.

For an object selected in the list, the following detailed information is displayed to the right of the list:

name of the threat (displayed as a link that opens a page of the Dr.Web virus information library with a threat description);

file size, in bytes;

name of the component that detected the threat;

date and time of threat detection;

file last modification date and time;

name of the user who owns the infected file;

name of the group that includes the file owner;

name of the user who placed the file in the storage (only for file storage units monitored by SpIDer Guard for SMB);

identifier that was assigned to the infected file (if the file was quarantined);

full path to the file original location (at the moment of threat detection).

To select an object, click the corresponding line on the list. To select multiple objects, select the check boxes for the corresponding objects. To select all objects or cancel the selection at once, toggle the check box in the File field in the threat list header.

To apply actions to the objects selected on the list of threats, click the corresponding button on the toolbar that is located directly above the threat list. The toolbar contains the following buttons:

Delete the selected files.

Restore the selected files from quarantine to their original location.

Apply an additional action to the selected files (available actions are specified in a drop-down list). The following additional actions are available:

Quarantine—quarantine the files with threats;

Cure—attempt to cure the threats;

Ignore—ignore the threats detected in the selected files and remove the threats from the list.

Some buttons can be unavailable depending on the type of the selected threats.

 

Managing of threats detected on NSS volumes requires SpIDer Guard for NSS to be installed and started.

 

If Quarantine is specified as an action to be applied to threats of some type in the settings of SpIDer Guard for NSS, a file containing a threat of this type is quarantined again at attempt to restore this file from quarantine to a NSS volume. For example, the default settings of the monitor instruct it to quarantine all incurable objects; thus, when an incurable object is restored from quarantine to an NSS volume, this object is immediately quarantined again.

 

The Threats page also allows you to filter displayed threats based on a search query. To filter out unnecessary threats and display only those that correspond to the query, use the search box. The box is displayed on the right side of the toolbar and contains . To filter the threat list, enter a word in the search box. At that, all threats that do not have the entered word in their name or description will be hidden (the search is case-insensitive). To clear search results and display the unfiltered list, click in the search box or erase the word.