OfficeScan console > Logs tab
Select the log type to view.
Specify a date range for the logs you want to view.
Click View logs.
Check the scan result to determine whether you need to take any action against any detected security risk.
Sort the information in each column of the logs by clicking the column name.
Log details include:
Date and time of virus/malware detection
Virus/Malware name
Infected file
Scan type that detected the virus/malware
Date and time of firewall violation detection
Remote host IP address
Local host IP address
Protocol
Port number
Direction: Whether inbound (Receive) or outbound (Send) traffic violated a firewall policy
Process: The executable program or service running on the computer that caused the firewall violation
Description: Specifies the actual security risk (such as a network virus or IDS attack) or the firewall policy violation
Date and time of spyware/grayware detection
Spyware/Grayware name
Scan type that detected the spyware/grayware
First level scan result: Provides the scan result summary. Clicking View under the Details column displays the second level scan result.
Spyware/Grayware details
Clicking View displays the following information:
Spyware/Grayware components
System area affected by spyware/grayware
Risk level
Date and time OfficeScan blocked the URL
Blocked URLs
URL's risk level
Link to the Trend Micro Web Reputation Query system that provides more information about the blocked URL
Date/Time unauthorized process was detected
Action performed when violation was detected
Event, which is the type of object accessed by the program
Risk level of the unauthorized program
Violation, which is the event monitoring rule violated by the process
Program, which is the unauthorized program
Operation, which is the action performed by the unauthorized program
Target, which is the process that was accessed
Date/Time unauthorized access was detected
Device type or network resource accessed
Accessed by, which specifies where access was initiated
Target, which is the item on the device or network resource that was accessed
Permissions set for the target
Date and time OfficeScan started scanning
Date and time OfficeScan stopped scanning
Scan status
Completed: The scan was completed without problems.
Stopped: The user stopped the scan before it could be completed.
Stopped Unexpectedly: The scan was interrupted by the user, system, or an unexpected event. For example, the OfficeScan Real-time Scan service might have terminated unexpectedly or the user performed a forced restart of the endpoint.
Scan type
Number of scanned objects
Number of infected files
Number of unsuccessful actions
Number of successful actions
Virus Pattern version
Smart Scan Agent Pattern version
Spyware Pattern version
Date/Time digital asset transmission was detected
User name logged on to the computer
Channel through which the digital asset was transmitted
Template that triggered the detection
The process that facilitated the transmission of a digital asset. The process depends on the channel.
Channel | Process |
Synchronization software (ActiveSync) | Full path and process name of the synchronization software. Example: C:\Windows\system32\WUDFHost.exe |
Data recorder (CD/DVD) | Full path and process name of the data recorder. Example: C:\Windows\Explorer.exe |
Windows clipboard | Full path and process name of ShowMsg.exe. ShowMsg.exe is the Digital Asset Control process that monitors clipboard events. Example: C:\Windows\system32\ShowMsg.exe |
Email client - Lotus Notes | Full path and process name of Lotus Notes. Example: C:\Program Files\IBM\Lotus\Notes\nlnotes.exe |
Email client - Microsoft Outlook | Full path and process name of Microsoft Outlook. Example: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE |
Email client - All clients that use the SMTP protocol | Full path and process name of the email client. Example: C:\Program Files\Mozilla Thunderbird\thunderbird.exe |
Removable storage | Process name of the application that transmitted data to or within the storage device. Example: explorer.exe |
FTP | Full path and process name of the FTP client. Example: D:\Program Files\FileZilla FTP Client\filezilla.exe |
HTTP | "HTTP application" |
HTTPS | Full path and process name of the browser or application. Example: C:\Program Files\Internet Explorer\iexplore.exe |
IM application | Full path and process name of the IM application. Example: C:\Program Files\Skype\Phone\Skype.exe |
IM application - MSN | Example: C:\Program Files\Windows Live\Messenger\msnmsgr.exe |
Peer-to-peer application | Full path and process name of the peer-to-peer application. Example: D:\Program Files\BitTorrent\bittorrent.exe |
PGP encryption | Full path and process name of the PGP encryption software. Example: C:\Program Files\PGP Corporation\PGP Desktop\PGPmnApp.exe |
Printer | Full path and process name of the application that initiated a printer operation. Example: C:\Program Files\Microsoft Office\Office12\WINWORD.EXE |
SMB protocol | Full path and process name of the application from which shared file access (copying or creating a new file) was performed. Example: C:\Windows\Explorer.exe |
Webmail (HTTP mode) | "HTTP application" |
Webmail (HTTPS mode) | Full path and process name of the browser or application. Example: C:\Program Files\Mozilla Firefox\firefox.exe |
Action on the transmission
Digital asset source
Channel | Source |
Synchronization software (ActiveSync) | The original file path of the file that was synchronized with a mobile device. Example: D:\OfficeScan\test.txt |
Data recorders (CD/DVD) | The original file path of the file that was written to a data recorder. Example: D:\OfficeScan\test.txt |
Windows clipboard | Windows clipboard |
Email client - Lotus Notes | The message part that contained the digital asset. There are two possible values: If the digital asset was detected in an attachment file, the value is the name of the file. Example: test.txt |
Email client - Microsoft Exchange | The message part that contained the digital asset. There are two possible values: If the digital asset was detected in an attachment file, the value is the name of the file. Example: test.txt |
Email client - SMTP | The message part that contained the digital asset. There are two possible values: If the digital asset was detected in an attachment file, the value is the name of the file. Example: test.txt |
Removable storage | If the digital asset was detected in a file that was copied to a USB device, the source is the original file path of the file that was copied. Example: D:\OfficeScan\test.txt. If the digital asset was detected in a new file that was saved to a USB device, the source is the destination file path of the file being saved with an appended name. Example: Save As file: test.txt; USB drive path: F:\; Source value: F:\test.txt\ole.txt.root.0 |
FTP | The original file path of the file that was transferred to the FTP server. Example: D:\OfficeScan\test.txt |
HTTP | The original file path of the file that was uploaded to the HTTP server. Example: D:\OfficeScan\test.txt |
HTTPS | The original file path of the file that was uploaded to the HTTP server with an appended name. Example: D:\OfficeScan\test.txt\ole.txt.split.0 |
IM applications - AOL Instant Messenger, MSN, Yahoo! Messenger | If the digital asset was detected in a chat window, the source value is: body. If the digital asset was detected in an attached file, the value is the original file path of the attachment. Example: D:\OfficeScan\test.txt |
IM applications - Skype | If the digital asset was detected in the chat window, the source value is: Skype Message. If the digital asset was detected in an attached file, the value is the original file path of the attachment. Example: D:\OfficeScan\test.txt |
Peer-to-peer applications - BitTorrent | The original file path of the file that was uploaded to the HTTP server. Example: D:\OfficeScan\test.txt |
Peer-to-peer applications - BitTorrent | The original file path of the file that was uploaded to the HTTPS server. Example: D:\OfficeScan\test.txt\ole.txt.split.0 |
Peer-to-peer applications - Emule | The original file path of the file that was uploaded. Example: D:\OfficeScan\test.txt |
PGP Encryption | The original file path of the file that was encrypted. Example: D:\OfficeScan\test.txt |
Printer | The original file path of the file that was encrypted. Example: D:\OfficeScan\test.txt\ole.txt.root.0.0.txt |
SMB protocol | The original file path of the file that was being copied to a remote location. Example: D:\OfficeScan\test.txt |
Webmail - AOL Mail, Gmail, Hotmail | The message part that contained the digital asset. There are two possible values: If the digital asset was detected in an attached file, the value is the original file path of the attachment. Example: D:\OfficeScan\test.txt |
Webmail - Yahoo! Mail | The message part that contained the digital asset. There are two possible values: If the digital asset was detected in an attached file, the value is the name of the attachment. Example: test.txt |
Description, which includes additional details about the transmission
Channel | Description |
Email client - Lotus Notes | The email addresses are in X.400 or SMTP format. |
Email client - Microsoft Outlook | The email addresses are in X.400 or SMTP format. |
Email client - All clients that use the SMTP protocol | |
FTP | User name used to log on to the FTP server |
HTTP/HTTPS | URL of a website or web page |
Webmail | |
Note: Log details also appear in Real-time Scan notification messages.
To prevent logs from consuming too much disk space, you can go to Log maintenance and configure OfficeScan to automatically delete logs based on the age of the logs. The maximum number of days is 15.
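When triaging digital asset transmissions, the Source values described in the digital asset source table above need interpreting before they can be matched to a file on disk, because some channels log a path with an appended name and others log a literal such as body. The following Python is an added example, not Trend Micro code; the function name interpret_source, the kind labels and the appended-name pattern (inferred only from the three examples on this page) are assumptions.

```python
import ntpath
import re

# Assumption: an appended name is one trailing path component shaped like the
# three examples on this page (ole.txt.root.0, ole.txt.split.0,
# ole.txt.root.0.0.txt). Other shapes are left untouched.
APPENDED = re.compile(r"^ole\.[^.\\]+\.(root|split)(\.\d+)+(\.[^.\\]+)?$", re.I)

# Non-path Source values the table gives for clipboard and chat channels.
LITERALS = {
    "windows clipboard": "clipboard",
    "body": "chat body",
    "skype message": "chat body",
}


def interpret_source(source):
    """Classify a Source value and return (kind, file_reference_or_None)."""
    value = source.strip()
    literal = LITERALS.get(value.lower())
    if literal:
        return literal, None
    head, tail = ntpath.split(value)
    if not head:
        # Bare name: email clients and Yahoo! Mail log only the attachment name.
        return "attachment name", tail
    if APPENDED.match(tail) and ntpath.basename(head):
        # Drop the appended component to recover the path an analyst can check.
        return "file path (appended name removed)", head
    return "file path", value


if __name__ == "__main__":
    # Constructed sample values, copied from the examples in the table.
    samples = [
        r"D:\OfficeScan\test.txt",
        r"D:\OfficeScan\test.txt\ole.txt.split.0",
        r"F:\test.txt\ole.txt.root.0",
        "Skype Message",
        "test.txt",
    ]
    for sample in samples:
        print(sample, "->", interpret_source(sample))
```

A bare attachment name cannot be resolved to a path on the endpoint, so such records need the Process and Description fields to locate the message.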