Procedure

1. Navigate to Logs → Networked Computer Logs → Security Risks or Networked Computers → Client Management.
2. In the client tree, click the root domain icon () to include all clients or select specific domains or clients.
3. Click View Logs → C&C Callback Logs or Logs → C&C Callback Logs.
4. Specify the log criteria and then click Display Logs.
5. View logs. Logs contain the following information:
   • Date/Time OfficeScan logged the callback
   • Compromised host from which the callback originated
   • IP address of the compromised host
   • Domain from which the callback originated
   • Callback address to which the endpoint sent the callback
   • C&C list source that identified the C&C server
   • C&C server's risk level
   • Action taken on the callback
6. If there are URLs that should not be blocked, click the Add to Web Reputation Approved List button to add the website to the Web Reputation Approved URL list.

   Note OfficeScan always passes C&C servers detected by the C&C IP list and administrators cannot add these IP addresses to the Approved lists directly from the log table.

7. To save logs to a comma-separated value (CSV) file, click Export to CSV. Open the file or save it to a specific location.