Security Threats (Endpoint)

View security threats detected on a particular endpoint.

There are several ways to access this screen. The recommended way is to go to the Endpoints with Threats widget on the dashboard and click a value representing the number of threats detected on an endpoint.



The major user interface elements in the screen are as follows:

Number

Description

1

Endpoint with security threats

An icon displays after the endpoint name (as shown below) if Control Manager has isolated the endpoint or is in the process of restoring its network connection.



2

Security threats detected on the endpoints, represented by icons

Mouse over an icon to view threat details.

  • Application violation

  • Behavior Monitoring violation

  • C&C callback

  • DLP incident

  • Content violation

  • Firewall violation

  • Intrusion Prevention event

  • Network content violation

  • Phishing email

  • Spam

  • Spyware/Grayware

  • Suspicious object

  • Virus/Malware

  • Web violation

  • Multiple events

3 and 4

Filter used for controlling the number of detected security threats within a certain time range

5

The following tasks can be performed on the endpoint:

6

Table with details about the security threats

Critical threats are shaded light red for easy recognition.

To display details, do one of the following:

  • Click a value in the Security Threat column to view users affected by the threat.

  • Click a value in the Details column to view a log entry.