Viewing Spyware/Grayware Logs

The OfficeScan agent generates logs after detecting spyware and grayware and then sends the logs to the server.

  1. Go to one of the following:
    • Logs > Agents > Security Risks

    • Agents > Agent Management

  2. In the agent tree, click the root domain icon () to include all agents or select specific domains or agents.
  3. Go to the Spyware/Grayware Log Criteria screen:
    • From the Security Risk Logs screen, click View Logs > Spyware/Grayware Logs.

    • From the Agent Management screen, click Logs > Spyware/Grayware Logs.

  4. Specify the log criteria and then click Display Logs.
  5. View logs. Logs contain the following information:

    Item

    Description

    Date/Time

    The time the detection occurred

    Endpoint

    The endpoint on which the detection occurred

    Spyware/Grayware

    The name of the security threat

    Scan Type

    The scan that detected the threat

    Result

    The result of the action taken

    Note:

    For more information on scan results, see Spyware/Grayware Scan Results.

    IP Address

    The IP address and port number of the source endpoint

    MAC Address

    The MAC address of the infected endpoint

    Details

    A link that displays the detailed analysis for the specific detection

  6. (Optional) Select any spyware/grayware detection you consider harmless and click Add to Approved List to exclude the program from further scanning.
  7. To save logs to a comma-separated value (CSV) file, click Export All to CSV. Open the file or save it to a specific location.

    The CSV file contains the following information:

    • All information in the logs

    • User name logged on to the endpoint at the time of detection