Viewing Detected Threats

Top  Previous  Next

The list of threats detected by Scanner and SpIDer Guard during the current Dr.Web for Linux session is displayed on the special window page which is available only if at least one threat was detected.

If threats were detected, you can open this page by clicking the button in the GUI navigation pane.

Figure 30. Page with listed threats

In the list, the following information is available for each detected threat:

Name of the malicious object

Name of the threat (according to the Doctor Web classification)

Action applied (or to be applied) to the threat

Path to the malicious object

Neutralized threats display in the list as grayed out items.

Neutralizing Detected Threats

If some of the listed threats are not neutralized, the Neutralize button above the list becomes available. Once the button is clicked, actions specified in the corresponding Action fields are applied to the threats. If an attempt to neutralize a threat fails, the listed item is displayed red and an error message appears in the Action field.

By default, an action to be applied to a threat is selected according to the settings of the component which detected the threat. You can configure actions applied to threats of a certain type by Scanner and SpIDer Guard. For that purpose, open the corresponding tab on the Settings window and adjust the settings.

If it is necessary to apply an action which is different from the one specified in the settings, click the Action field and select the required action on the menu.

If threat is detected in a file located in a container (an archive, email message, etc.), its removal is replaced with moving of a container to quarantine.

You can select multiple items in the threat list at a time. To do that, select the items with a mouse button while holding down CTRL and SHIFT keys.

When you hold down a CTRL key, threats are selected one by one.

When you hold down a SHIFT key, threats are selected contiguously.

After you select threats, you can apply a required action to them by right-clicking in the selected area and then clicking the required item on the displayed menu. The action selected on the menu is applied to all of the selected threats.

Note that

If a threat is detected in a complex object (archive, email message, etc.), the selected action is applied to the container as a whole (and not to only the infected object).

The Cure action can be applied not to all threat types.

If required, elevate application privileges to enable successful neutralization of threats.

Viewing Information on Threats

To receive detailed information about any detected threat, right-click the corresponding row and select Details in the appeared context menu. This opens the window with information on the threat and the infected object. If you need to view details on several threats, select them from the list by using the left mouse button and holding down CTRL before requesting the context menu.

Figure 31. Information on a threat

This window contains the following information:

Threat name (according to the Doctor Web classification)

Name of the Dr.Web for Linux component which detected the threat

Date and time when the threat was detected.

Information on the file system object where the threat was detected: object name, owner, date of the latest modification and path to the object in the file system

Last action applied to the threat and the result (if an option to apply actions to threat automatically is enabled for the component, for example – in a corresponding tab of the application settings window).

If you click the threat name, its description will open in the browser (a page of Doctor Web official website will open; Internet connection is required) installed in the system.

Click Export if you want to save the displayed information to a text file (once the button is clicked, the file browsing window will open). To close the window with threat and object details, click Close.