Manage Logs

To manage logs:

  1. Select the log type to view.

  2. Specify a date range for the logs you want to view.

  3. Click View logs.

  4. Check the scan result to determine whether you need to take any action against any detected security risk.

  5. Sort the information in each column of the logs by clicking the column name.

Log details include:

Virus/Malware logs

Firewall logs

Spyware/Grayware logs

Clicking View displays the following information:

Web Reputation logs

Behavior Monitoring logs

Device Control logs

Scan logs

Data Loss Prevention logs

Process Table

| Channel | Process |
|---|---|
| Synchronization software (ActiveSync) | Full path and process name of the synchronization software. Example: C:\Windows\system32\WUDFHost.exe |
| Data recorder (CD/DVD) | Full path and process name of the data recorder. Example: C:\Windows\Explorer.exe |
| Windows clipboard | Full path and process name of ShowMsg.exe. ShowMsg.exe is the Data Loss Prevention process that monitors clipboard events. Example: C:\Windows\system32\ShowMsg.exe |
| Email client - Lotus Notes | Full path and process name of Lotus Notes. Example: C:\Program Files\IBM\Lotus\Notes\nlnotes.exe |
| Email client - Microsoft Outlook | Full path and process name of Microsoft Outlook. Example: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE |
| Email client - All clients that use the SMTP protocol | Full path and process name of the email client. Example: C:\Program Files\Mozilla Thunderbird\thunderbird.exe |
| Removable storage | Process name of the application that transmitted data to or within the storage device. Example: explorer.exe |
| FTP | Full path and process name of the FTP client. Example: D:\Program Files\FileZilla FTP Client\filezilla.exe |
| HTTP | "HTTP application" |
| HTTPS | Full path and process name of the browser or application. Example: C:\Program Files\Internet Explorer\iexplore.exe |
| IM application | Full path and process name of the IM application. Example: C:\Program Files\Skype\Phone\Skype.exe |
| IM application - MSN | Full path and process name of MSN (example: C:\Program Files\Windows Live\Messenger\msnmsgr.exe), or "HTTP application" if data is transmitted from a chat window |
| Peer-to-peer application | Full path and process name of the peer-to-peer application. Example: D:\Program Files\BitTorrent\bittorrent.exe |
| PGP encryption | Full path and process name of the PGP encryption software. Example: C:\Program Files\PGP Corporation\PGP Desktop\PGPmnApp.exe |
| Printer | Full path and process name of the application that initiated a printer operation. Example: C:\Program Files\Microsoft Office\Office12\WINWORD.EXE |
| SMB protocol | Full path and process name of the application from which shared file access (copying or creating a new file) was performed. Example: C:\Windows\Explorer.exe |
| Webmail (HTTP mode) | "HTTP application" |
| Webmail (HTTPS mode) | Full path and process name of the browser or application. Example: C:\Program Files\Mozilla Firefox\firefox.exe |

 

Source Table

| Channel | Source |
|---|---|
| Synchronization software (ActiveSync) | The original file path of the file that was synchronized with a mobile device. Example: D:\OfficeScan\test.txt |
| Data recorders (CD/DVD) | The original file path of the file that was written to a data recorder. Example: D:\OfficeScan\test.txt |
| Windows clipboard | Windows clipboard |
| Email client - Lotus Notes | The message part that contained the digital asset. There are two possible values: LotusSubjectContent and LotusBodyContent. If the digital asset was detected in an attachment file, the value is the name of the file. Example: test.txt |
| Email client - Microsoft Exchange | The message part that contained the digital asset. There are two possible values: ExchangeSubjectContent and ExchangeBodyContent. If the digital asset was detected in an attachment file, the value is the name of the file. Example: test.txt |
| Email client - SMTP | The message part that contained the digital asset. There are two possible values: body and subject content. If the digital asset was detected in an attachment file, the value is the name of the file. Example: test.txt |
| Removable storage | If the digital asset was detected in a file that was copied to a USB device, the source is the original file path of the file that was copied. Example: D:\OfficeScan\test.txt. If the digital asset was detected in a new file that was saved to a USB device, the source is the destination file path of the file being saved with an appended name. Example: Save As file: test.txt; USB drive path: F:\; Source value: F:\test.txt\ole.txt.root.0 |
| FTP | The original file path of the file that was transferred to the FTP server. Example: D:\OfficeScan\test.txt |
| HTTP | The original file path of the file that was uploaded to the HTTP server. Example: D:\OfficeScan\test.txt |
| HTTPS | The original file path of the file that was uploaded to the HTTP server with an appended name. Example: D:\OfficeScan\test.txt\ole.txt.split.0 |
| IM applications - AOL Instant Messenger, MSN, Yahoo! Messenger | If the digital asset was detected in a chat window, the source value is: body. If the digital asset was detected in an attached file, the value is the original file path of the attachment. Example: D:\OfficeScan\test.txt |
| IM applications - Skype | If the digital asset was detected in the chat window, the source value is: Skype Message. If the digital asset was detected in an attached file, the value is the original file path of the attachment. Example: D:\OfficeScan\test.txt |
| Peer-to-peer applications - BitTorrent | The original file path of the file that was uploaded to the HTTP server. Example: D:\OfficeScan\test.txt |
| Peer-to-peer applications - BitTorrent | The original file path of the file that was uploaded to the HTTPS server. Example: D:\OfficeScan\test.txt\ole.txt.split.0 |
| Peer-to-peer applications - Emule | The original file path of the file that was uploaded. Example: D:\OfficeScan\test.txt |
| PGP Encryption | The original file path of the file that was encrypted. Example: D:\OfficeScan\test.txt |
| Printer | The original file path of the file that was encrypted. Example: D:\OfficeScan\test.txt\ole.txt.root.0.0.txt |
| SMB protocol | The original file path of the file that was being copied to a remote location. Example: D:\OfficeScan\test.txt |
| Webmail - AOL Mail, Gmail, Hotmail | The message part that contained the digital asset. There are two possible values: subject content and body. If the digital asset was detected in an attached file, the value is the original file path of the attachment. Example: D:\OfficeScan\test.txt |
| Webmail - Yahoo! Mail | The message part that contained the digital asset. There are two possible values: subject content and body. If the digital asset was detected in an attached file, the value is the name of the attachment. Example: test.txt |
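
Added example (not part of the original documentation or the product's own code): a Python helper that splits a Data Loss Prevention log Source value into its kind, file path and appended name, then groups detections of the same file across channels. The suffix pattern is an assumption drawn from the three example values in the Source Table, and the function names and sample rows are constructed for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Literal Source values the page lists for non-file content.
NON_FILE = {
    "Windows clipboard": "clipboard",
    "LotusSubjectContent": "subject", "LotusBodyContent": "body",
    "ExchangeSubjectContent": "subject", "ExchangeBodyContent": "body",
    "subject content": "subject", "body": "body",
    "Skype Message": "chat",
}

# Assumption: the "appended name" is a trailing component shaped like the
# page's three examples (ole.txt.root.0, ole.txt.split.0, ole.txt.root.0.0.txt).
APPENDED = re.compile(r"\\(ole\.txt\.(?:root|split)(?:\.\d+)+(?:\.txt)?)$")


def interpret_source(value):
    """Split a DLP log Source value into (kind, file path, appended name)."""
    value = value.strip()
    if value in NON_FILE:
        return (NON_FILE[value], None, None)
    match = APPENDED.search(value)
    if match:
        return ("file", value[:match.start()], match.group(1))
    return ("file", value, None)


def channels_per_file(rows):
    """Map each file name to the set of channels it was detected on."""
    seen = defaultdict(set)
    for channel, source in rows:
        kind, path, _ = interpret_source(source)
        if kind == "file":
            # Attachment rows may carry only a file name, so compare base names.
            seen[ntpath.basename(path).lower()].add(channel)
    return dict(seen)


# Constructed sample rows (channel, Source) using the page's example values.
SAMPLE_ROWS = [
    ("FTP", r"D:\OfficeScan\test.txt"),
    ("HTTPS", r"D:\OfficeScan\test.txt\ole.txt.split.0"),
    ("Removable storage", r"F:\test.txt\ole.txt.root.0"),
    ("Email client - Lotus Notes", "LotusBodyContent"),
    ("Windows clipboard", "Windows clipboard"),
]

if __name__ == "__main__":
    for name, channels in channels_per_file(SAMPLE_ROWS).items():
        print(name, sorted(channels))
```

Base-name matching can merge unrelated files that share a name, so treat a match as a lead to confirm against the full paths.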

 

Description Table

| Channel | Description |
|---|---|
| Email client - Lotus Notes | Email addresses of recipients in the To/Cc/Bcc fields (the email addresses are in X.400 or SMTP format); email address of sender |
| Email client - Microsoft Outlook | Email addresses of recipients in the To/Cc/Bcc fields (the email addresses are in X.400 or SMTP format); name of sender |
| Email client - All clients that use the SMTP protocol | Email addresses of recipients in the To/Cc/Bcc fields; email address of sender; email subject |
| FTP | User name used to log on to the FTP server |
| HTTP/HTTPS | URL of a website or web page |
| Webmail | Webmail URL; email addresses of recipients in the To/Cc/Bcc fields; email address of sender |

 

C&C Callback logs

Note: Log details also display on the Real-time Scan notification messages.

To prevent logs from consuming too much disk space, you can go to Log maintenance and configure OfficeScan to automatically delete logs based on the age of the logs. The maximum number of days is 15.