Data View: Security Threat Information

Displays information about security threats that managed products detect: viruses, spyware/grayware, phishing sites, and more.

 

Virus/Malware Information

Summary Information

Overall Virus/Malware Summary: Displays overall summary for virus/malware detections. Example: name of virus/malware, number of clients affected by the virus, total number of instances of the virus on the network

Data

Description

Virus/Malware Name

Displays the name of viruses/malware managed products detect. Example: NIMDA, BLASTER, I_LOVE_YOU.EXE

Unique Infection Destination Count

Displays the number of unique computers affected by the virus/malware. Example: OfficeScan detects 10 virus instances of the same virus on 3 different computers. The Unique Infection Destination Count equals 3.

Unique Infection Source Count

Displays the number of unique infection sources where viruses/malware originate. Example: OfficeScan detects 10 virus instances of the same virus originating from 2 infection sources. The Unique Infection Source Count equals 2.

Virus/Malware Detection Count

Displays the total number of viruses/malware managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Virus/Malware Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

 

Overall Virus/Malware Type Summary: Displays broad summary for virus/malware detections. Example: type of virus/malware (Trojans, hacking tools), number of unique viruses/malware on your network, total number of instances of viruses/malware on the network

Data

Description

Unique Virus/Malware Count

Displays the number of unique virus/malware managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Virus/Malware Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

Unique Infection Destination Count

Displays the number of unique computers affected by the virus/malware. Example: OfficeScan detects 10 virus instances of the same virus on 3 different computers. The Unique Infection Destination Count equals 3.

Unique Infection Source Count

Displays the number of unique infection sources where viruses/malware originate. Example: OfficeScan detects 10 virus instances of the same virus originating from 2 infection sources. The Unique Infection Source Count equals 2.

Virus/Malware Detection Count

Displays the total number of viruses/malware managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Virus/Malware Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

 

Virus/Malware Infection Source Summary: Displays summary for virus/malware detections from the source of the outbreak. Example: name of source computer, number of specific virus/malware instances from the source computer, total number of instances of viruses/malware on the network

Data

Description

Infection Source

Displays the IP address/host name of the computer where viruses/malware originate.

Unique Infection Destination Count

Displays the number of unique computers affected by the virus/malware. Example: OfficeScan detects 10 virus instances of the same virus on 3 different computers. The Unique Infection Destination Count equals 3.

Unique Virus/Malware Count

Displays the number of unique virus/malware managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Virus/Malware Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

Virus/Malware Detection Count

Displays the total number of viruses/malware managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Virus/Malware Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

 

Virus/Malware Infection Destination Summary: Displays summary for virus/malware detections from specific clients. Example: name of client, number of specific virus/malware instances on the client, total number of instances of viruses/malware on the network

Data

Description

Infection Destination

Displays the IP address/host name of the computer affected by viruses/malware.

Unique Infection Source Count

Displays the number of unique infection sources where viruses/malware originate. Example: OfficeScan detects 10 virus instances of the same virus originating from 2 infection sources. The Unique Infection Source Count equals 2.

Unique Virus/Malware Count

Displays the number of unique virus/malware managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Virus/Malware Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

Virus/Malware Detection Count

Displays the total number of viruses/malware managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Virus/Malware Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

 

Virus/Malware Detections Over Time Summary: Displays summary for virus/malware detections over a period of time (daily, weekly, monthly). Example: time and date when the summary data was collected, number of clients affected by the virus, total number of instances of viruses/malware on the network

Data

Description

Summary Time

Displays the time at which the summary of the data occurs.

Unique Virus/Malware Count

Displays the number of unique virus/malware managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Virus/Malware Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

Unique Infection Destination Count

Displays the number of unique computers affected by the virus/malware. Example: OfficeScan detects 10 virus instances of the same virus on 3 different computers. The Unique Infection Destination Count equals 3.

Unique Infection Source Count

Displays the number of unique infection sources where viruses/malware originate. Example: OfficeScan detects 10 virus instances of the same virus originating from 2 infection sources. The Unique Infection Source Count equals 2.

Virus/Malware Detection Count

Displays the total number of viruses/malware managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Virus/Malware Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

 

Virus/Malware Action/Result Summary: Displays summary for the actions managed products take against viruses/malware. Example: specific actions taken against viruses/malware, the result of the action taken, total number of instances of viruses/malware on the network

Data

Description

Action Result

Displays the results of the action managed products take against viruses/malware. Example: successful, further action required

Action Taken

Displays the type of action managed products take against viruses/malware. Example: File cleaned, File quarantined, File deleted

Infection Destination Count

Displays the number of computers affected by the virus/malware.

Infection Source Count

Displays the number of infection sources where viruses/malware originate.

Virus/Malware Detection Count

Displays the total number of viruses/malware managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Virus/Malware Detection Count equals 10, while the Unique Virus/Malware Count equals 1.
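
The following is an added example, not Trend Micro's code or part of the original documentation: it recomputes the summary counts described above from detail rows and uses them to pick out sources that reach several computers and actions that did not succeed. The row keys (name, source, destination, count, action_taken, action_result), the host names and the threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample rows, not real logs. The keys are hypothetical names for
# the Virus/Malware Name, Infection Source, Infection Destination,
# Virus/Malware Detection Count, Action Taken and Action Result columns.
DETECTIONS = [
    {"name": "NIMDA", "source": "srv-a", "destination": "pc-01", "count": 4,
     "action_taken": "File cleaned", "action_result": "successful"},
    {"name": "NIMDA", "source": "srv-a", "destination": "pc-02", "count": 3,
     "action_taken": "File quarantined", "action_result": "successful"},
    {"name": "NIMDA", "source": "srv-b", "destination": "pc-03", "count": 3,
     "action_taken": "File quarantined",
     "action_result": "further action required"},
    {"name": "BLASTER", "source": "srv-b", "destination": "PC-03", "count": 1,
     "action_taken": "File deleted", "action_result": "successful"},
]

HOST_FIELDS = ("source", "destination")


def normalize(row):
    """Return a copy with host fields trimmed and lower-cased, so 'PC-03' and
    'pc-03' count as one computer (a choice made in this sketch)."""
    clean = dict(row)
    for field in HOST_FIELDS:
        clean[field] = (row.get(field) or "").strip().lower()
    return clean


def summarize(rows, key_fields):
    """Group rows by key_fields and return, per group, the total detection
    count and the unique name, source and destination counts."""
    groups = defaultdict(lambda: {"detections": 0, "names": set(),
                                  "sources": set(), "destinations": set()})
    for row in map(normalize, rows):
        group = groups[tuple(row[f] for f in key_fields)]
        group["detections"] += int(row["count"])
        group["names"].add(row["name"])
        # A blank host means "unknown", not one more unique computer.
        if row["source"]:
            group["sources"].add(row["source"])
        if row["destination"]:
            group["destinations"].add(row["destination"])
    return {
        key: {
            "detection_count": g["detections"],
            "unique_names": len(g["names"]),
            "unique_sources": len(g["sources"]),
            "unique_destinations": len(g["destinations"]),
        }
        for key, g in groups.items()
    }


def spreading_sources(rows, min_destinations=2):
    """Sources whose unique destination count reaches the threshold."""
    by_source = summarize(rows, ["source"])
    return sorted(src for (src,), s in by_source.items()
                  if src and s["unique_destinations"] >= min_destinations)


def needs_follow_up(rows):
    """Action/result groups whose result is anything other than successful."""
    by_action = summarize(rows, ["action_result", "action_taken"])
    return {key: s for key, s in by_action.items() if key[0] != "successful"}


if __name__ == "__main__":
    for (name,), stats in sorted(summarize(DETECTIONS, ["name"]).items()):
        print(name, stats)
    print("spreading sources:", spreading_sources(DETECTIONS))
    print("follow up:", needs_follow_up(DETECTIONS))
```

Grouping by name corresponds to the Overall Virus/Malware Summary, by source or destination to the Infection Source and Infection Destination summaries, and by action and result to the Action/Result Summary.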

 

Detailed Information

Detailed Overall Virus/Malware Information: Displays overall information about the virus/malware instances on your network. Example: the managed product which detects the viruses/malware, the name of the virus/malware, the name of the client with viruses/malware

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.     

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Virus/Malware Name

Displays the name of viruses/malware managed products detect. Example: NIMDA, BLASTER, I_LOVE_YOU.EXE

Infection Destination

Displays the name of the computer affected by viruses/malware.

Infection Source

Displays the name of the computer where viruses/malware originate.

Log On User Name

Displays the user name logged on to the infection destination when a managed product detects viruses/malware.

Action Result

Displays the results of the action managed products take against viruses/malware. Example: successful, further action required

Action Taken

Displays the type of action managed products take against viruses/malware. Example: File cleaned, File quarantined, File deleted

Virus/Malware Detection Count

Displays the total number of viruses/malware managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Virus/Malware Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

Detected Entry Type

Displays the entry point for the virus/malware that managed products detect. Example: virus found in file, HTTP, Windows Live Messenger (MSN)

Detailed Information

Used only for Ad Hoc Queries. Displays detailed information about the selection. In Ad Hoc Queries this column displays the selection as underlined. Clicking the underlined selection displays more information about the selection. Example: Host Details, Network Details, HTTP/FTP Details

 

Virus/Malware Found in Hosts Information: Displays overall information about the virus/malware instances found on clients. Example: the managed product which detects the viruses/malware, the type of scan which detects the virus/malware, the file path on the client to detected viruses/malware

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.   

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Virus/Malware Name

Displays the name of viruses/malware managed products detect. Example: NIMDA, BLASTER, I_LOVE_YOU.EXE

Infection Destination

Displays the name of the computer affected by viruses/malware.

Log On User Name

Displays the user name logged on to the infection destination when a managed product detects viruses/malware.

Detecting Scan Type

Displays the type of scan the managed product uses to detect the virus/malware. Example: Real-time, scheduled, manual

Detected File Name

Displays the name of the file managed products detect affected by viruses/malware.

File Path

Displays the file path on the infection destination where managed products detect the virus/malware.

File in Compressed File

Displays the name of the infected file/virus/malware in a compressed file.

Action Result

Displays the results of the action managed products take against viruses/malware. Example: successful, further action required

Action Taken

Displays the type of action managed products take against viruses/malware. Example: File cleaned, File quarantined, File deleted

Virus/Malware Detection Count

Displays the total number of viruses/malware managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Virus/Malware Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

 

Virus/Malware Found in HTTP/FTP Information: Displays overall information about the virus/malware instances found in HTTP or FTP traffic. Example: the managed product which detects the viruses/malware, the direction of traffic where the virus/malware occurs, the Internet browser or FTP client which downloads the virus/malware

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Virus/Malware Name

Displays the name of viruses/malware managed products detect. Example: NIMDA, BLASTER, I_LOVE_YOU.EXE

Infection Destination

Displays the IP address/host name of the computer on which managed products detect viruses/malware.

Source URL

Displays the URL of the Web/FTP site from which the virus/malware originates.

Log On User Name

Displays the log on name of the user with a virus/malware instance.

Inbound/Outbound Traffic/Connection

Displays the direction of virus/malware entry.

Internet Browser/FTP Client

Displays the Internet browser or FTP client from which viruses/malware originate.

Action Result

Displays the results of the action managed products take against viruses/malware. Example: successful, further action required

Action Taken

Displays the type of action managed products take against viruses/malware. Example: File cleaned, File quarantined, File deleted

Virus/Malware Detection Count

Displays the total number of viruses/malware managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Virus/Malware Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

 

Virus/Malware Found in Email Information: Displays overall information about the virus/malware instances found in email. Example: the managed product which detects the viruses/malware, the subject line content of the email, the sender of the email which contains viruses/malware

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Virus/Malware Name

Displays the name of viruses/malware managed products detect. Example: NIMDA, BLASTER, I_LOVE_YOU.EXE

Recipient

Displays the recipient of email containing viruses/malware.

Sender

Displays the sender of email containing viruses/malware.

Log On User Name

Displays the log on name of the user with a virus/malware instance.

Email Subject Content

Displays the content of the subject line of the email containing viruses/malware.

Detected File Name

Displays the name of the file managed products detect affected by viruses/malware.

File in Compressed File

Displays the name of the infected file/virus/malware in a compressed file.

Action Result

Displays the results of the action managed products take against viruses/malware. Example: successful, further action required

Action Taken

Displays the type of action managed products take against viruses/malware. Example: File cleaned, File quarantined, File deleted

Virus/Malware Detection Count

Displays the total number of viruses/malware managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Virus/Malware Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

 

Virus/Malware Found in Network Traffic Information: Displays overall information about the virus/malware instances found in network traffic. Example: the managed product which detects the viruses/malware, the protocol the virus/malware uses to enter your network, specific information about the source and destination of the virus/malware

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Virus/Malware Name

Displays the name of viruses/malware managed products detect. Example: NIMDA, BLASTER, I_LOVE_YOU.EXE

Infection Destination

Displays the IP address/host name of the computer affected by viruses/malware.

Infection Source

Displays the IP address/host name of the computer where viruses/malware originate.

Log On User Name

Displays the user name logged on to the infection destination when a managed product detects viruses/malware.

Inbound/Outbound Traffic/Connection

Displays the direction of virus/malware entry.

Protocol

Displays the protocol which the virus/malware uses to enter the network. Example: HTTP, SMTP, FTP

Destination Host Name

Displays the host name of the computer affected by viruses/malware.

Destination Port

Displays the port number of the computer affected by viruses/malware.

Destination MAC Address

Displays the MAC address of the computer affected by viruses/malware.

Source Host Name

Displays the host name of the computer where viruses/malware originate.

Source Port

Displays the port number of the computer where viruses/malware originate.

Source MAC Address

Displays the MAC address of the computer where viruses/malware originate.

Detected File Name

Displays the name of the file managed products detect affected by viruses/malware.

Action Result

Displays the results of the action managed products take against viruses/malware. Example: successful, further action required

Action Taken

Displays the type of action managed products take against viruses/malware. Example: File cleaned, File quarantined, File deleted

Virus/Malware Detection Count

Displays the total number of viruses/malware managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Virus/Malware Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

 

 

Spyware/Grayware Information

Summary Information

Overall Spyware/Grayware Summary: Displays overall summary for spyware/grayware detections. Example: name of spyware/grayware, number of clients affected by the spyware/grayware, total number of instances of the spyware/grayware on the network

Data

Description

Spyware/Grayware Name

Displays the name of spyware/grayware managed products detect.

Unique Spyware/Grayware Destination Count

Displays the number of unique computers affected by the spyware/grayware. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware on 3 different computers. The Unique Spyware/Grayware Destination Count equals 3.

Unique Spyware/Grayware Source Count

Displays the number of unique sources where spyware/grayware originates. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware originating from 2 infection sources. The Unique Spyware/Grayware Source Count equals 2.

Spyware/Grayware Detection Count

Displays the total number of spyware/grayware managed products detect.

 

Spyware/Grayware Source Summary: Displays summary for spyware/grayware detections from the source of the outbreak. Example: name of source computer, number of specific spyware/grayware instances from the source computer, total number of instances of spyware/grayware on the network

Data

Description

Spyware/Grayware Source

Displays the name of the computer where spyware/grayware originates.

Unique Spyware/Grayware Destination Count

Displays the number of unique computers affected by the spyware/grayware. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware on 3 different computers. The Unique Spyware/Grayware Destination Count equals 3.

Unique Spyware/Grayware Count

Displays the number of unique spyware/grayware managed products detect. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware on one computer. The Spyware/Grayware Detection Count equals 10, while the Unique Spyware/Grayware Count equals 1.

Spyware/Grayware Detection Count

Displays the total number of spyware/grayware managed products detect. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware on one computer. The Spyware/Grayware Detection Count equals 10, while the Unique Spyware/Grayware Count equals 1.

 

Spyware/Grayware Destination Summary: Displays summary for spyware/grayware detections from specific clients. Example: name of client, number of specific spyware/grayware instances on the client, total number of instances of spyware/grayware on the network

Data

Description

Spyware/Grayware Destination

Displays the host name or IP address of the computer affected by spyware/grayware.

Unique Spyware/Grayware Source Count

Displays the number of unique sources where spyware/grayware originates. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware originating from 2 infection sources. The Unique Spyware/Grayware Source Count equals 2.

Unique Spyware/Grayware Count

Displays the number of unique spyware/grayware managed products detect. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware on one computer. The Spyware/Grayware Detection Count equals 10, while the Unique Spyware/Grayware Count equals 1.

Spyware/Grayware Detection Count

Displays the total number of spyware/grayware managed products detect. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware on one computer. The Spyware/Grayware Detection Count equals 10, while the Unique Spyware/Grayware Count equals 1.

 

Spyware/Grayware Detection Over Time Summary: Displays summary for spyware/grayware detections over a period of time (daily, weekly, monthly). Example: time and date when the summary data was collected, number of clients affected by the spyware/grayware, total number of instances of spyware/grayware on the network

Data

Description

Summary Time

Displays the time at which the summary of the data occurs.

Unique Spyware/Grayware Count

Displays the number of unique spyware/grayware managed products detect. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware on one computer. The Spyware/Grayware Detection Count equals 10, while the Unique Spyware/Grayware Count equals 1.

Unique Spyware/Grayware Destination Count

Displays the number of unique computers affected by the spyware/grayware. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware on 3 different computers. The Unique Spyware/Grayware Destination Count equals 3.

Unique Spyware/Grayware Source Count

Displays the number of unique sources where spyware/grayware originates. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware originating from 2 infection sources. The Unique Spyware/Grayware Source Count equals 2.

Spyware/Grayware Detection Count

Displays the total number of spyware/grayware managed products detect. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware on one computer. The Spyware/Grayware Detection Count equals 10, while the Unique Spyware/Grayware Count equals 1.

 

Spyware/Grayware Action/Result Summary: Displays summary for the actions managed products take against spyware/grayware. Example: specific actions taken against spyware/grayware, the result of the action taken, total number of instances of spyware/grayware on the network

Data

Description

Action Result

Displays the results of the action managed products take against spyware/grayware. Example: successful, further action required

Action Taken

Displays the type of action managed products take against spyware/grayware. Example: File cleaned, File quarantined, File deleted

Unique Spyware/Grayware Destination Count

Displays the number of unique computers affected by the spyware/grayware. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware on 3 different computers. The Unique Spyware/Grayware Destination Count equals 3.

Unique Spyware/Grayware Source Count

Displays the number of unique sources where spyware/grayware originates. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware originating from 2 infection sources. The Unique Spyware/Grayware Source Count equals 2.

Spyware/Grayware Detection Count

Displays the total number of spyware/grayware managed products detect. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware on one computer. The Spyware/Grayware Detection Count equals 10, while the Unique Spyware/Grayware Count equals 1.

 

Detailed Information

Detailed Overall Spyware/Grayware Information: Displays overall information about the spyware/grayware instances on your network. Example: the managed product which detects the spyware/grayware, the name of the spyware/grayware, the name of the client with spyware/grayware

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.     

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Spyware/Grayware Name

Displays the name of spyware/grayware managed products detect.

Spyware/Grayware Destination

Displays the name of the computer affected by spyware/grayware.

Spyware/Grayware Source

Displays the name of the computer where spyware/grayware originates.

Log On User Name

Displays the user name logged on to the infection destination when a managed product detects spyware/grayware.

Action Result

Displays the results of the action managed products take against spyware/grayware. Example: successful, further action required

Action Taken

Displays the type of action managed products take against spyware/grayware. Example: File cleaned, File quarantined, File deleted

Spyware/Grayware Detection Count

Displays the total number of spyware/grayware managed products detect. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware on one computer. The Spyware/Grayware Detection Count equals 10, while the Unique Spyware/Grayware Count equals 1.

Detected Entry Type

Displays the entry point for the spyware/grayware that managed products detect. Example: virus found in file, HTTP, Windows Live Messenger (MSN)

Detailed Information

Used only for Ad Hoc Queries. Displays detailed information about the selection. In Ad Hoc Queries this column displays the selection as underlined. Clicking the underlined selection displays more information about the selection. Example: Host Details, Network Details, HTTP/FTP Details

 

Spyware/Grayware Found in Hosts: Displays overall information about the spyware/grayware instances found on clients. Example: the managed product which detects the spyware/grayware, the type of scan which detects the spyware/grayware, the file path on the client to detected spyware/grayware

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.   

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Spyware/Grayware Destination

The computer which is affected by spyware/grayware.

Spyware/Grayware Name

Displays the name of spyware/grayware managed products detect.

Spyware/Grayware Source

Displays the name of the computer where the spyware/grayware originates.

Log On User Name

Displays the user name logged on to the spyware/grayware destination when a managed product detects spyware/grayware.

Detecting Scan Type

Displays the type of scan the managed product uses to detect the spyware/grayware. Example: Real-time, scheduled, manual

Affected Resource

The specific resource affected. Example: application.exe, HKEY_LOCAL_MACHINE\SOFTWARE\ACME

Affected Resource Type

The type of resource affected by spyware/grayware. Example: registry, memory resource

Spyware/Grayware Risk Type

The specific type of spyware/grayware managed products detect. Example: adware, COOKIE, peer-to-peer application

Spyware/Grayware Risk Level

The Trend Micro-defined level of risk the spyware/grayware poses to your network. Example: High security, Medium security, Low security

Action Result

Displays the results of the action managed products take against spyware/grayware. Example: successful, further action required

Action Taken

Displays the type of action managed products take against spyware/grayware. Example: File cleaned, File quarantined, File deleted

 

Spyware/Grayware Found in HTTP/FTP: Displays overall information about the spyware/grayware instances found in HTTP or FTP traffic. Example: the managed product which detects the spyware/grayware, the direction of traffic where the spyware/grayware occurs, the Internet browser or FTP client which downloads the spyware/grayware

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Spyware/Grayware Name

Displays the name of spyware/grayware managed products detect.

Spyware/Grayware Destination

Displays the IP address/host name of the computer on which managed products detect spyware/grayware.

Source URL

Displays the URL of the Web/FTP site from which the spyware/grayware originates.

Inbound/Outbound Traffic/Connection

Displays the direction of spyware/grayware entry.

Internet Browser/FTP Client

Displays the Internet browser or FTP client from which spyware/grayware originates.

Log On User Name

Displays the user name logged on to the infection destination when a managed product detects spyware/grayware.

Action Result

Displays the results of the action managed products take against spyware/grayware. Example: successful, further action required

Action Taken

Displays the type of action managed products take against spyware/grayware. Example: File cleaned, File quarantined, File deleted

Spyware/Grayware Detection Count

Displays the total number of spyware/grayware managed products detect. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware on one computer. The Spyware/Grayware Detection Count equals 10, while the Unique Spyware/Grayware Count equals 1.

 

Spyware/Grayware Found in Email: Displays overall information about the spyware/grayware instances found in email. Example: the managed product which detects the spyware/grayware, the subject line content of the email, the sender of the email which contains spyware/grayware

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Spyware/Grayware Name

Displays the name of spyware/grayware managed products detect.

Recipient

Displays the recipient of email containing spyware/grayware.

Sender

Displays the sender of email containing spyware/grayware.

Log On User Name

Displays the user name logged on to the infection destination when a managed product detects spyware/grayware.

Email Subject Content

Displays the content of the subject line of the email containing spyware/grayware.

Detected File Name

Displays the name of the file that managed products detect as affected by spyware/grayware.

File in Compressed File

Displays the file name of the spyware/grayware occurring in a compressed file.

Action Result

Displays the results of the action managed products take against spyware/grayware. Example: successful, further action required

Action Taken

Displays the type of action managed products take against spyware/grayware. Example: File cleaned, File quarantined, File deleted

Spyware/Grayware Detection Count

Displays the total number of spyware/grayware managed products detect. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware on one computer. The Spyware/Grayware Detection Count equals 10, while the Unique Spyware/Grayware Count equals 1.

 

Spyware/Grayware Found in Network Traffic: Displays overall information about the spyware/grayware instances found in network traffic. Example: the managed product which detects the spyware/grayware, the protocol the spyware/grayware uses to enter your network, specific information about the source and destination of the spyware/grayware

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Spyware/Grayware Name

Displays the name of spyware/grayware managed products detect.

Inbound/Outbound Traffic/Connection

Displays the direction of spyware/grayware entry.

Protocol

Displays the protocol which the spyware/grayware uses to enter the network. Example: HTTP, SMTP, FTP

Spyware/Grayware Destination

Displays the IP address/host name of the computer affected by spyware/grayware.

Spyware/Grayware Destination Host Name

Displays the host name of the computer affected by spyware/grayware.

Spyware/Grayware Destination Port

Displays the port number of the computer affected by spyware/grayware.

Spyware/Grayware Destination MAC Address

Displays the MAC address of the computer affected by spyware/grayware.

Spyware/Grayware Source

Displays the IP address/host name of the computer where spyware/grayware originates.

Spyware/Grayware Source Host Name

Displays the host name of the computer where spyware/grayware originates.

Spyware/Grayware Source Port

Displays the port number of the computer where spyware/grayware originates.

Spyware/Grayware Source MAC Address

Displays the MAC address of the computer where spyware/grayware originates.

Log On User Name

Displays the user name logged on to the spyware/grayware destination when a managed product detects spyware/grayware.

Detected File Name

Displays the name of the file that managed products detect as affected by spyware/grayware.

Action Result

Displays the results of the action managed products take against spyware/grayware. Example: successful, further action required

Action Taken

Displays the type of action managed products take against spyware/grayware. Example: File cleaned, File quarantined, File deleted

Spyware/Grayware Detection Count

Displays the total number of spyware/grayware managed products detect. Example: OfficeScan detects 10 spyware/grayware instances of the same spyware/grayware on one computer. The Spyware/Grayware Detection Count equals 10, while the Unique Spyware/Grayware Count equals 1.

 

 

Content Violation Information

Summary Information

Content Violation Policy Summary: Displays summary for content violation detections due to specific policies. Example: name of the policy in violation, the type of filter which detects the content violation, the total number of content violations on the network

Data

Description

Policy in Violation

Displays the name of the policy which clients violate.

Filter Type

Displays the type of filter which triggers the violation. Example: content filter, phishing filter, URL reputation filter

Unique Policy Violation Sender Count

Displays the number of unique email message addresses sending content that violates managed product policies. Example: A managed product detects 10 violation instances of the same policy coming from 3 computers. The Unique Policy Violation Sender Count equals 3.

Unique Policy Violation Recipient Count

Displays the number of unique email message recipients receiving content that violates managed product policies. Example: A managed product detects 10 violation instances of the same policy on 2 computers. The Unique Policy Violation Recipient Count equals 2.

Policy Violation Detection Count

Displays the total number of policy violations managed products detect. Example: A managed product detects 10 violation instances of the same policy on one computer. The Policy Violation Detection Count equals 10, while the Unique Policy in Violation Count equals 1.

 

Content Violation Sender Summary: Displays summary for content violation detections due to specific senders. Example: name of the content sender, the number of unique content violations, the total number of content violations on the network

Data

Description

Policy Violation Sender

Displays the email address sending content which violates managed product policies.

Policy Violation Detection Count

Displays the total number of policy violations managed products detect. Example: A managed product detects 10 violation instances of the same policy on one computer. The Policy Violation Detection Count equals 10, while the Unique Policy in Violation Count equals 1.

Unique Policy Violation Recipient Count

Displays the number of unique email message recipients receiving content that violates managed product policies. Example: A managed product detects 10 violation instances of the same policy on 2 computers. The Unique Policy Violation Recipient Count equals 2.

Unique Policy in Violation Count

Displays the number of unique policies in violation managed products detect. Example: A managed product detects 10 violation instances of the same policy on one computer. The Policy Violation Detection Count equals 10, while the Unique Policy in Violation Count equals 1.

 

Content Violation Detection Over Time Summary: Displays summary for content violation detections over a period of time (daily, weekly, monthly). Example: time and date when summary data is collected, number of clients affected by the content violation, total number of unique content violations and total number of content violations on the network

Data

Description

Summary Time

Displays the time at which the summary of the data occurs.

Unique Policy in Violation Count

Displays the number of unique policies in violation managed products detect. Example: A managed product detects 10 violation instances of the same policy on one computer. The Policy Violation Detection Count equals 10, while the Unique Policy in Violation Count equals 1.

Unique Policy Violation Sender Count

Displays the number of unique email message addresses sending content that violates managed product policies. Example: A managed product detects 10 violation instances of the same policy coming from 3 computers. The Unique Policy Violation Sender Count equals 3.

Unique Policy Violation Recipient Count

Displays the number of unique email message recipients receiving content that violates managed product policies. Example: A managed product detects 10 violation instances of the same policy on 2 computers. The Unique Policy Violation Recipient Count equals 2.

Policy Violation Detection Count

Displays the total number of policy violations managed products detect. Example: A managed product detects 10 violation instances of the same policy on one computer. The Policy Violation Detection Count equals 10, while the Unique Policy in Violation Count equals 1.

 

Content Violation Action/Result Summary: Provides summary for actions managed products take against content violations. Example: the action managed products take against the content violation, the number of email affected by the action taken

Data

Description

Action Taken

Displays the type of action managed products take against email in violation of content policies. Example: forwarded, attachments stripped, deleted

Email Count

Displays the number of email with the specified action taken by managed products.

 

Detailed Information

Detailed Overall Content Violation Information: Displays overall information about the content violations on your network. Example: the managed product which detects the content violation, the name of the specific policy in violation, the total number of content violations on the network

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.     

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Recipient

Displays the email recipients receiving content which violates managed product policies.

Sender

Displays the email address sending content which violates managed product policies.

Email Subject Content

Displays the content of the subject line of the email which violates a policy.

Policy in Violation

Displays the name of the policy an email violates.

Policy Settings

Displays the settings for the policy that an email violates.

Detected File Name

Displays the name of the file that violates a policy.

Detecting Filter Type

Displays the type of filter which detects the email in violation. Example: content filter, size filter, attachment filter

Detecting Filter Action

Displays the action the detecting filter takes against email in violation of a policy. Example: clean, quarantine, strip

Action Taken

Displays the type of action managed products take against email in violation of content policies. Example: deliver, strip, forward

Policy Violation Detection Count

Displays the total number of policy violations managed products detect.

 

 

Spam Violation Information

Summary Information

Overall Spam Violation Summary: Displays summary for spam detections on specific domains. Example: name of the domain receiving spam, the number of clients receiving spam, the total number of spam violations on the network

Data

Description

Recipient Domain

Displays the domain which receives spam.

Unique Recipient Count

Displays the number of unique recipients receiving spam from the specified domain. Example: A managed product detects 10 violation instances of spam from the same domain on 3 computers. The Unique Recipient Count equals 3.

Spam Violation Detection Count

Displays the total number of spam violations managed products detect. Example: A managed product detects 10 violation instances of the same spam on one computer. The Spam Violation Detection Count equals 10.

 

Spam Recipient Summary: Displays summary for spam violations on specific clients. Example: name of client, total number of spam violations on the client

Data

Description

Recipient Name

Displays the name of the recipient who receives spam.

Spam Violation Detection Count

Displays the total number of spam violations managed products detect. Example: A managed product detects 10 violation instances of the same spam on one computer. The Spam Violation Detection Count equals 10.

 

Spam Detection Over Time Summary: Displays summary for spam detections over a period of time (daily, weekly, monthly). Example: time and date when summary data is collected, number of clients affected by spam, the total number of spam violations on the network

Data

Description

Summary Time

Displays the time at which the summary of the data occurs.

Unique Recipient Domain Count

Displays the total number of unique recipient domains affected by spam. Example: A managed product detects 10 violation instances of the same spam from 2 domains on 1 recipient domain. The Unique Recipient Domain Count equals 1.

Unique Recipient Count

Displays the number of unique recipients receiving spam from the specified domain. Example: A managed product detects 10 violation instances of spam from the same domain on 3 computers. The Unique Recipient Count equals 3.

Spam Violation Detection Count

Displays the total number of spam violations managed products detect. Example: A managed product detects 10 violation instances of the same spam on one computer. The Spam Violation Detection Count equals 10.

 

Detailed Information

Detailed Overall Spam Information: Displays overall information about the spam violations on your network. Example: the managed product which detects the content violation, the name of the specific policy in violation, the total number of spam violations on the network

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.     

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Recipient

Displays the recipients of email containing spam.

Sender

Displays the sender of email containing spam.

Email Subject Content

Displays the content of the subject line of the email containing spam.

Policy in Violation

The name of the policy the email violates.

Action Taken

Displays the type of action managed products take against spam found in email. Example: deliver, forward, strip

Spam Violation Detection Count

Displays the total number of spam violations managed products detect. Example: A managed product detects 10 violation instances of the same spam on one computer. The Spam Violation Detection Count equals 10.

 

Spam Connection Information: Displays overall information about the spam violations on your network. Example: the managed product which detects the spam violation, the specific action managed products take against spam violations, the total number of spam violations on the network

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.     

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Spam Source IP Address

Displays the IP address of the mail server where spam originates.

Detecting Filter Type

Displays the type of filter which detects the email in violation. Example: Real-time Blackhole List (RBL+), Quick IP List (QIL)

Action Taken

Displays the type of action managed products take against spam to prevent spam from entering the email server. Example: drop connection, bypass connection

Spam Violation Detection Count

Displays the total number of spam violations managed products detect. Example: A managed product detects 10 violation instances of the same spam on one computer. The Spam Violation Detection Count equals 10.

 

 

Policy/Rule Violation Information

Detailed Information

Detailed Overall Firewall Rule Violation Information: Displays overall information about the firewall violations on your network. Example: the managed product which detects the firewall violation, specific information about the source and destination, the total number of firewall violations on the network

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.     

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Event Type

The type of event which triggers the violation. Example: intrusion, policy violation

Security Risk Level

Displays the Trend Micro assessment of risk to your network. Example: high security, low security, medium security

Inbound/Outbound Traffic/Connection

Displays the direction of violation entry.

Protocol

Displays the protocol the intrusion uses. Example: HTTP, SMTP, FTP

Source IP Address

The IP address of the computer attempting an intrusion on your network.

Destination Port

The port number of the computer under attack.

Destination IP Address

The IP address of the computer under attack.

Target Application

The application the intrusion targets.

Description

Detailed description of the incident by Trend Micro.

Action Taken

Displays the type of action managed products take against policy violations. Example: file cleaned, file quarantined, file passed

Policy/Rule Violation Detection Count

Displays the total number of policy/rule violations managed products detect. Example: A managed product detects 10 violation instances of the same type on one computer. The Policy/Rule Violation Detection Count equals 10.

 

Detailed Overall Endpoint Security Violation Information: Displays overall information about the endpoint security violations on your network. Example: the managed product which detects the Web violation, the name of the specific policy in violation, the total number of Web violations on the network

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.     

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Client in Violation

The host name of the computer in violation of the policy/rule.

IP Address of Client in Violation

The IP address of the computer in violation of the policy/rule.

MAC Address of Client in Violation

The MAC address of the computer in violation of the policy/rule.

Policy/Rule in Violation

The name of the policy/rule in violation.

Service in Violation

The name of the service/program in violation of the policy/rule.

Log On User Name

Displays the user name logged on to the client when a managed product detects a policy/rule violation.

Enforcement Action

The action a managed product takes to protect your network. Example: block, redirect, pass

Remediation Action

The action a managed product takes to solve the policy violation. Example: file cleaned, file quarantined, file deleted

Description

Detailed description of the incident by Trend Micro.

Policy/Rule Violation Detection Count

Displays the total number of policy/rule violations managed products detect. Example: A managed product detects 10 violation instances of the same type on one computer. The Policy/Rule Violation Detection Count equals 10.

 

Detailed Overall Endpoint Security Compliance Information: Displays overall information about the endpoint security compliance instances on your network. Example: the managed product which detects the security compliance, the name of the specific policy in compliance, the total number of security compliances on the network

Data

Description

Time Received from Entity

Displays the time at which Control Manager receives data from the managed product.

Time Generated at Entity

Displays the time at which the managed product generates data.

Managed Product Entity Display Name

Displays the entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.     

Managed Product Name

Displays the name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Client in Compliance

Displays the host name of the computer in compliance with the policy/rule.

IP Address of Client in Compliance

Displays the IP address of the computer in compliance with the policy/rule.

MAC Address of Client in Compliance

Displays the MAC address of the computer in compliance with the policy/rule.

Policy/Rule in Compliance

Displays the name of the policy/rule in compliance.

Service in Compliance

Displays the name of the service/program in compliance with the policy/rule.

Log On User Name

Displays the user name logged on to the client when a managed product detects a policy/rule compliance.

Description

Detailed description of the incident by Trend Micro.

Policy/Rule Compliance Detection Count

Displays the total number of policy/rule compliances managed products detect. Example: A managed product detects 10 compliance instances of the same type on one computer. The Policy/Rule Compliance Detection Count equals 10.

 

 

Web Violation Information

Summary Information

Overall Web Violation Summary: Displays summary for Web violations of specific policies. Example: name of the policy in violation, the type of filter/blocking to stop access to the URL, the total number of Web violations on the network

Data

Description

Policy in Violation

Displays the name of the policy the URL violates.

Filter/Blocking Type

The type of filter/blocking preventing access to the URL in violation. Example: URL blocking, URL filtering, Web blocking

Unique Clients in Violation Count

Displays the number of unique clients in violation of the specified policy. Example: A managed product detects 10 violation instances of the same URL on 4 computers. The Unique Clients in Violation Count equals 4.

Unique URLs in Violation Count

Displays the number of unique URLs in violation of the specified policy. Example: A managed product detects 10 violation instances of the same URL on one computer. The Web Violation Detection Count equals 10, with the Unique URLs in Violation Count equal to 1.

Web Violation Detection Count

Displays the total number of Web violations managed products detect. Example: A managed product detects 10 violation instances of the same URL on 1 computer. The Web Violation Detection Count equals 10, with the Unique URLs in Violation Count equal to 1.

 

Web Violation Client Host Summary: Displays summary for Web violation detections from a specific client. Example: IP address of the client in violation, number of policies in violation, the total number of Web violations on the network

Data

Description

Host of Client in Violation

Displays the IP address/host name of clients in violation of Web policies.

Unique Policies in Violation Count

Displays the number of the policies in violation. Example: A managed product detects 10 policy violation instances of the same policy on 2 computers. The Unique Policies in Violation Count equals 1.

Unique URLs in Violation Count

Displays the number of unique URLs in violation of the specified policy. Example: A managed product detects 10 violation instances of the same URL on one computer. The Web Violation Detection Count equals 10, with the Unique URLs in Violation Count equal to 1.

Web Violation Detection Count

Displays the total number of Web violations managed products detect. Example: A managed product detects 10 violation instances of the same URL on 1 computer. The Web Violation Detection Count equals 10, with the Unique URLs in Violation Count equal to 1.

 

Web Violation URL Summary: Displays summary for Web violation detections from specific URLs. Example: name of the URL causing the Web violation, the type of filter/blocking to stop access to the URL, the total number of Web violations on the network

Data

Description

URL in Violation

Displays the URL violating a Web policy.

Filter/Blocking Type

The type of filter/blocking preventing access to the URL in violation. Example: URL blocking, URL filtering, Web blocking

Unique Clients in Violation Count

Displays the number of unique clients in violation of the specified policy. Example: A managed product detects 10 violation instances of the same URL on 4 computers. The Unique Clients in Violation Count equals 4.

Web Violation Detection Count

Displays the total number of Web violations managed products detect. Example: A managed product detects 10 violation instances of the same URL on one computer. The Web Violation Detection Count equals 10, with the URLs in Violation Count equal to 1.

 

Web Violation Filter/Blocking Type Summary: Displays summary for the action managed products take against Web violations. Example: the type of filter/blocking to stop access to the URL, the total number of Web violations on the network

Data

Description

Blocking Category

The broad type of filter/blocking preventing access to the URL in violation. Example: URL blocking, URL filtering, Anti-spyware

Filter/Blocking Type

The type of filter/blocking preventing access to the URL in violation. Example: URL blocking, URL filtering, Virus/Malware

Web Violation Detection Count

Displays the total number of Web violations managed products detect. Example: A managed product detects 10 violation instances of the same URL on one computer. The Web Violation Detection Count equals 10, with the URLs in Violation Count equal to 1.

 

Web Violation Detection Over Time Summary: Displays summary for Web violation detections over a period of time (daily, weekly, monthly). Example: time and date when summary data is collected, number of clients in violation, the total number of Web violations on the network

Data

Description

Summary Time

Displays the time at which the summary of the data occurs.

Unique Policies in Violation Count

Displays the number of the policies in violation. Example: A managed product detects 10 policy violation instances of the same policy on 2 computers. The Unique Policies in Violation Count equals 1.

Unique Clients in Violation Count

Displays the number of unique clients in violation of the specified policy. Example: A managed product detects 10 violation instances of the same URL on 4 computers. The Unique Clients in Violation Count equals 4.

Unique URLs in Violation Count

Displays the number of unique URLs in violation of the specified policy. Example: A managed product detects 10 violation instances of the same URL on one computer. The Web Violation Detection Count equals 10, with the Unique URLs in Violation Count equal to 1.

Web Violation Detection Count

Displays the total number of Web violations managed products detect. Example: A managed product detects 10 violation instances of the same URL on one computer. The Web Violation Detection Count equals 10, with the URLs in Violation Count equal to 1.

 

Detailed Information

Detailed Overall Web Violation Information: Displays overall information about the Web violations on your network. Example: the managed product which detects the Web violation, the name of the specific policy in violation, the total number of Web violations on the network

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.     

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Inbound/Outbound Traffic/Connection

Displays the direction of violation entry.

Protocol

The protocol over which the violation takes place. Example: HTTP, FTP, SMTP

URL in Violation

Displays the name of the URL which violates a Web policy.

Client Host

Displays the IP address/host name of the client which violates a policy.

Filter/Blocking Type

The type of filter/blocking preventing access to the URL in violation. Example: URL blocking, URL filtering, Web blocking

Policy in Violation

Displays the name of the policy the URL violates.

File in Violation

Displays the name of the file which violates the policy.

Web Reputation Rating

Displays the relative safety, as a percentage, of a Web site according to Trend Micro.

Action Taken

Displays the type of action managed products take against policy violations. Example: pass, block

Web Violation Detection Count

Displays the total number of Web violations managed products detect. Example: A managed product detects 10 violation instances of the same URL on one computer. The Web Violation Detection Count equals 10, with the URLs in Violation Count equal to 1.

 

 

Suspicious Threat Information

Summary Information

Overall Suspicious Threat Summary: Displays overall information about suspicious threats on your network. Example: the rule/violation in violation, summary information about the source and destination, the total number of suspicious threats on the network

Data

Description

Policy/Rule in Violation

The name of the policy/rule in violation.

Protocol

The protocol over which the violation takes place. Example: HTTP, FTP, SMTP

Unique Suspicious Threat Destination Count

Displays the number of unique computers affected by the suspicious threat. Example: A managed product detects 10 suspicious threat instances of the same type on 2 computers. The Unique Suspicious Threat Destination Count equals 2.

Unique Suspicious Threat Source Count

Displays the number of unique sources where suspicious threats originate. Example: A managed product detects 10 suspicious threat instances of the same type originating from 3 computers. The Unique Suspicious Threat Source Count equals 3.

Unique Suspicious Threat Recipient Count

Displays the number of unique email message recipients receiving content that violates managed product suspicious threat policies. Example: A managed product detects 10 suspicious threat violation instances of the same policy on 2 computers. The Unique Suspicious Threat Recipient Count equals 2.

Unique Suspicious Threat Sender Count

Displays the number of unique email message senders sending content that violates managed product suspicious threat policies. Example: A managed product detects 10 suspicious threat violation instances of the same policy coming from 3 computers. The Unique Suspicious Threat Sender Count equals 3.

Suspicious Threat Violation Detection Count

Displays the total number of policy/rule violations managed products detect. Example: A managed product detects 10 violation instances of the same type on one computer. The Suspicious Threat Violation Detection Count equals 10.

Mitigation Count

Displays the number of clients Network VirusWall Enforcer devices or Total Discovery Mitigation Server take action against.

Cleaned Client Count

Displays the total number of clients Total Discovery Mitigation Server cleans.

Clean Client Rate (%)

The percentage of clients Total Discovery Mitigation Server cleans compared to the total Suspicious Threat Violation Detection Count.
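The following added example (not Trend Micro code) derives the columns of the Overall Suspicious Threat Summary from raw detection records, to show how the unique counts differ from the total detection count. The record layout, the grouping by policy/rule and protocol, and the use of the destination as the client acted upon are assumptions; all sample data is constructed.

```python
from collections import defaultdict

# Constructed sample detections. Field names are hypothetical, not a
# Control Manager schema; addresses use documentation-only ranges.
FIELDS = ("policy", "protocol", "src", "dst", "sender", "recipient", "action")
ROWS = [
    ("Rule A", "HTTP", "192.0.2.5", "198.51.100.10", None, None, "cleaned"),
    ("Rule A", "HTTP", "192.0.2.5", "198.51.100.10", None, None, "cleaned"),
    ("Rule A", "HTTP", "192.0.2.5", "198.51.100.11", None, None, "failed"),
    ("Rule A", "HTTP", "192.0.2.6", "198.51.100.11", None, None, None),
    ("Rule B", "SMTP", None, None, "a@example.com", "x@example.org", None),
    ("Rule B", "SMTP", None, None, "a@example.com", "x@example.org", None),
    ("Rule B", "SMTP", None, None, "b@example.com", "x@example.org", None),
]
DETECTIONS = [dict(zip(FIELDS, row)) for row in ROWS]

# Summary column name -> record field whose distinct values are counted.
UNIQUE_COLUMNS = {
    "Unique Suspicious Threat Destination Count": "dst",
    "Unique Suspicious Threat Source Count": "src",
    "Unique Suspicious Threat Recipient Count": "recipient",
    "Unique Suspicious Threat Sender Count": "sender",
}


def summarize(detections):
    """Return one summary line per (policy/rule, protocol) pair."""
    groups = defaultdict(list)
    for det in detections:
        groups[(det["policy"], det["protocol"])].append(det)

    summary = {}
    for key, rows in groups.items():
        # Unique counts: distinct non-empty values, however often they repeat.
        line = {
            name: len({r[field] for r in rows if r[field] is not None})
            for name, field in UNIQUE_COLUMNS.items()
        }
        # Detection count: every violation instance counts once.
        total = len(rows)
        # Assumption: a client is "acted against" if any action was recorded.
        acted = {r["dst"] for r in rows if r["action"] is not None}
        cleaned = {r["dst"] for r in rows if r["action"] == "cleaned"}
        line["Suspicious Threat Violation Detection Count"] = total
        line["Mitigation Count"] = len(acted)
        line["Cleaned Client Count"] = len(cleaned)
        # Per the definition above: cleaned clients compared to the
        # total violation detection count.
        line["Clean Client Rate (%)"] = round(100.0 * len(cleaned) / total, 1)
        summary[key] = line
    return summary


if __name__ == "__main__":
    for (policy, protocol), line in summarize(DETECTIONS).items():
        print(policy, protocol, line)
```
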

 

Suspicious Threat Source Summary: Displays summary for suspicious threat detections from a specific source. Example: name of the source, summary information about the destination and rules/violations, the total number of suspicious threats on the network

Data

Description

Suspicious Threat Source IP Address

Displays the IP addresses of sources where suspicious threats originate.

Unique Policies/Rules in Violation Count

Displays the number of unique policies/rules the source computer violates. Example: A managed product detects 10 policy violation instances of the same policy on 2 computers. The Unique Policies/Rules in Violation Count equals 1.

Unique Suspicious Threat Destination Count

Displays the number of unique computers affected by the suspicious threat. Example: A managed product detects 10 suspicious threat instances of the same type on 2 computers. The Unique Suspicious Threat Destination Count equals 2.

Suspicious Threat Violation Detection Count

Displays the total number of policy/rule violations managed products detect. Example: A managed product detects 10 violation instances of the same type on one computer. The Suspicious Threat Violation Detection Count equals 10.

 

Suspicious Threat Riskiest Destination Summary: Displays summary for the clients with the most suspicious threat detections. Example: name of the destination, summary information about the source and rules/violations, the total number of suspicious threats on the network

Data

Description

Suspicious Threat Destination IP Address

Displays the IP addresses of computers affected by suspicious threats.

Unique Policies/Rules in Violation Count

Displays the number of unique policies/rules the source computer violates. Example: A managed product detects 10 policy violation instances of the same policy on 2 computers. The Unique Policies/Rules in Violation Count equals 1.

Unique Suspicious Threat Source Count

Displays the number of unique sources where suspicious threats originate. Example: A managed product detects 10 suspicious threat instances of the same type originating from 3 computers. The Unique Suspicious Threat Source Count equals 3.

Suspicious Threat Violation Detection Count

Displays the total number of policy/rule violations managed products detect. Example: A managed product detects 10 violation instances of the same type on one computer. The Suspicious Threat Violation Detection Count equals 10.

 

Suspicious Threat Riskiest Recipient Summary: Displays summary for the recipients with the most suspicious threat detections. Example: name of the recipient, summary information about the senders and rules/violations, the total number of suspicious threats on the network

Data

Description

Suspicious Threat Recipient

Displays the email address of the recipient affected by the suspicious threat.

Unique Policies/Rules in Violation Count

Displays the number of unique policies/rules the source computer violates. Example: A managed product detects 10 policy violation instances of the same policy on 2 computers. The Unique Policies/Rules in Violation Count equals 1.

Unique Suspicious Threat Sender Count

Displays the number of unique email message senders sending content that violates managed product suspicious threat policies. Example: A managed product detects 10 suspicious threat violation instances of the same policy coming from 3 computers. The Unique Suspicious Threat Sender Count equals 3.

Suspicious Threat Violation Detection Count

Displays the total number of policy/rule violations managed products detect. Example: A managed product detects 10 violation instances of the same type on one computer. The Suspicious Threat Violation Detection Count equals 10.

 

Suspicious Threat Sender Summary: Displays summary for suspicious threat detections from a specific sender. Example: name of the sender, summary information about the recipient and rules/violations, the total number of suspicious threats on the network

Data

Description

Suspicious Threat Sender

Displays the email address for the source of policy/rule violations.

Unique Policies/Rules in Violation Count

Displays the number of unique policies/rules the source computer violates. Example: A managed product detects 10 policy violation instances of the same policy on 2 computers. The Unique Policies/Rules in Violation Count equals 1.

Unique Suspicious Threat Recipient Count

Displays the number of unique email message recipients receiving content that violates managed product suspicious threat policies. Example: A managed product detects 10 suspicious threat violation instances of the same policy on 2 computers. The Unique Suspicious Threat Recipient Count equals 2.

Suspicious Threat Violation Detection Count

Displays the total number of policy/rule violations managed products detect. Example: A managed product detects 10 violation instances of the same type on one computer. The Suspicious Threat Violation Detection Count equals 10.

 

Suspicious Threat Protocol Detection Summary: Displays summary for suspicious threat detections over a specific protocol. Example: name of the protocol, summary information about the source and destination, the total number of suspicious threats on the network

Data

Description

Protocol Name

Displays the name of the protocol over which the suspicious threat occurs. Example: HTTP, FTP, SMTP

Unique Policies/Rules in Violation Count

Displays the number of unique policies/rules the source computer violates. Example: A managed product detects 10 policy violation instances of the same policy on 2 computers. The Unique Policies/Rules in Violation Count equals 1.

Unique Suspicious Threat Destination Count

Displays the number of unique computers affected by the suspicious threat. Example: A managed product detects 10 suspicious threat instances of the same type on 2 computers. The Unique Suspicious Threat Destination Count equals 2.

Unique Suspicious Threat Source Count

Displays the number of unique sources where suspicious threats originate. Example: A managed product detects 10 suspicious threat instances of the same type originating from 3 computers. The Unique Suspicious Threat Source Count equals 3.

Unique Suspicious Threat Recipient Count

Displays the number of unique email message recipients receiving content that violates managed product suspicious threat policies. Example: A managed product detects 10 suspicious threat violation instances of the same policy on 2 computers. The Unique Suspicious Threat Recipient Count equals 2.

Unique Suspicious Threat Sender Count

Displays the number of unique email message senders sending content that violates managed product suspicious threat policies. Example: A managed product detects 10 suspicious threat violation instances of the same policy coming from 3 computers. The Unique Suspicious Threat Sender Count equals 3.

Suspicious Threat Violation Detection Count

Displays the total number of policy/rule violations managed products detect. Example: A managed product detects 10 violation instances of the same type on one computer. The Suspicious Threat Violation Detection Count equals 10.

 

Suspicious Threat Detection Over Time Summary: Displays summary for suspicious threat detections over a period of time (daily, weekly, monthly). Example: time and date when summary data was collected, summary information about the source and destination, the total number of suspicious threats on the network

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.     

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Mitigation Server Entity Display Name

The entity display name for the mitigation server. Control Manager identifies managed products using the managed product's entity display name.  

Inbound/Outbound Traffic/Connection

Displays the direction of network traffic or the position on the network where the suspicious threat originates.

Protocol Group

Displays the broad protocol group from which a managed product detects the suspicious threat. Example: FTP, HTTP, P2P

Protocol

Displays the protocol from which a managed product detects the suspicious threat. Example: ARP, Bearshare, BitTorrent

Suspicious Threat Destination IP Address

Displays the IP address of the client the suspicious threat affects.

Suspicious Threat Destination Port

Displays the port number of the client the suspicious threat affects.

Suspicious Threat Destination MAC Address

Displays the MAC address of the client the suspicious threat affects.

Suspicious Threat Source IP Address

Displays the IP address of the source from which the suspicious threat originates.

Suspicious Threat Source Host Name

Displays the name of the source from which the suspicious threat originates.

Suspicious Threat Source Port

Displays the port number of the source from which the suspicious threat originates.

Suspicious Threat Source MAC Address

Displays the MAC address of the source from which the suspicious threat originates.

Domain Name

Displays the domain of the source from which the suspicious threat originates.

VLAN ID

Displays the VLAN ID (VID) of the source from which the suspicious threat originates.

Risk Type

Displays the specific type of security risk managed products detect. Example: virus, spyware/grayware, fraud

Threat Confidence Level

Displays Trend Micro's confidence that the suspicious threat poses a danger to your network.

Detected By

Displays the filter, scan engine, or managed product which detects the suspicious threat.

Policy/Rule in Violation

Displays the policy/rule the suspicious threat violates.

Recipient

Displays the recipient of the suspicious threat.

Sender

Displays the sender of the suspicious threat.

Email Subject Content

Displays the content of the subject line of the email containing spyware/grayware.

URL in Violation

Displays the URL considered a suspicious threat.

Log On User Name

Displays the user name logged on to the destination when a managed product detects a suspicious threat.

Instant Messaging/IRC User Name

The instant messaging or IRC user name logged on when Total Discovery Appliance detects a violation.

Internet Browser/FTP Client

Displays the Internet browser or FTP client from which the suspicious threat originates.

Channel Name

The protocol that the instant messaging software or IRC uses for communication.

File Name of Suspicious File

Displays the name of the suspicious file.

Suspicious File in Compressed File

Displays whether the suspicious threat originates from a compressed file.

File Size

Displays the size of the suspicious file.

File Extension

Displays the file extension of the suspicious file. Example: .wmf, .exe, .zip

True File Type

Displays the "true" file type, which is detected using the file's header, not the file's extension.

Shared Folder

Displays whether the suspicious threat originates from a shared folder.

Authentication

Displays whether authentication was used.

BOT Command

Displays the command that bots send or receive to or from the control channel.

BOT URL

Displays the URL that bots receive their commands from.

Constraint Type

Displays the reason that a file cannot be scanned correctly.

Mitigation Result Description

Displays the result of the action the mitigation server takes against suspicious threats.

Mitigation Action Taken

Displays the action the mitigation server takes against suspicious threats. Example: File cleaned, File dropped, File deleted

Suspicious Threat Violation Detection Count

Displays the total number of policy/rule violations managed products detect. Example: A managed product detects 10 violation instances of the same type on one computer. The Suspicious Threat Violation Detection Count equals 10.

 

Detailed Information

Detailed Overall Suspicious Threat Information: Displays overall information about suspicious threats on your network. Example: the managed product which detects the suspicious threat, specific information about the source and destination, the total number of suspicious threats on the network

Data

Description

Time Received from Entity

The time at which Control Manager receives data from the managed product.

Time Generated at Entity

The time at which the managed product generates data.

Managed Product Entity Display Name

The entity display name for a managed product. Control Manager identifies managed products using the managed product's entity display name.     

Managed Product Name

The name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Mitigation Server Entity Display Name

The entity display name for the mitigation server. Control Manager identifies managed products using the managed product's entity display name.  

Inbound/Outbound Traffic/Connection

Displays the direction of network traffic or the position on the network where the suspicious threat originates.

Protocol Group

Displays the broad protocol group from which a managed product detects the suspicious threat. Example: FTP, HTTP, P2P

Protocol

Displays the protocol from which a managed product detects the suspicious threat. Example: ARP, Bearshare, BitTorrent

Suspicious Threat Destination IP Address

Displays the IP address of the client the suspicious threat affects.

Suspicious Threat Destination Port

Displays the port number of the client the suspicious threat affects.

Suspicious Threat Destination MAC Address

Displays the MAC address of the client the suspicious threat affects.

Suspicious Threat Source IP Address

Displays the IP address of the source from which the suspicious threat originates.

Suspicious Threat Source Host Name

Displays the name of the source from which the suspicious threat originates.

Suspicious Threat Source Port

Displays the port number of the source from which the suspicious threat originates.

Suspicious Threat Source MAC Address

Displays the MAC address of the source from which the suspicious threat originates.

Domain Name

Displays the domain of the source from which the suspicious threat originates.

VLAN ID

Displays the VLAN ID (VID) of the source from which the suspicious threat originates.

Risk Type

Displays the specific type of security risk managed products detect. Example: virus, spyware/grayware, fraud

Threat Confidence Level

Displays Trend Micro's confidence that the suspicious threat poses a danger to your network.

Detected By

Displays the filter, scan engine, or managed product which detects the suspicious threat.

Policy/Rule in Violation

Displays the policy/rule the suspicious threat violates.

Suspicious Threat Recipient

Displays the recipient of the suspicious threat.

Suspicious Threat Sender

Displays the sender of the suspicious threat.

Email Subject Content

Displays the content of the subject line of the email containing spyware/grayware.

URL in Violation

Displays the URL considered a suspicious threat.

Log On User Name

Displays the user name logged on to the destination when a managed product detects a suspicious threat.

Instant Messaging/IRC User Name

The instant messaging or IRC user name logged on when Total Discovery Appliance detects a violation.

Internet Browser/FTP Client

Displays the Internet browser or FTP client from which the suspicious threat originates.

Channel Name

The protocol that the instant messaging software or IRC uses for communication.

File Name of Suspicious File

Displays the name of the suspicious file.

Suspicious File in Compressed File

Displays whether the suspicious threat originates from a compressed file.

File Size

Displays the size of the suspicious file.

File Extension

Displays the file extension of the suspicious file. Example: .wmf, .exe, .zip

True File Type

Displays the "true" file type, which is detected using the file's header, not the file's extension.

Shared Folder

Displays whether the suspicious threat originates from a shared folder.

Authentication

Displays whether authentication was used.

BOT Command

Displays the command that bots send or receive to or from the control channel.

BOT URL

Displays the URL that bots receive their commands from.

Constraint Type

Displays the reason that a file cannot be scanned correctly.

Mitigation Action Taken

Displays the action the mitigation server takes against suspicious threats. Example: File cleaned, File dropped, File deleted

Mitigation Result Description

Displays the result of the action the mitigation server takes against suspicious threats.

Suspicious Threat Violation Detection Count

Displays the total number of policy/rule violations managed products detect. Example: A managed product detects 10 violation instances of the same type on one computer. The Suspicious Threat Violation Detection Count equals 10.

 

 

Overall Threat Information

Complete Network Security Risk Analysis Information: Displays information for overall security risks affecting your desktops. Examples: name of the security risk, total number of security risk detections, number of clients affected

Data

Description

Security Risk Category

Displays the broad category of the security risk managed products detect. Example: Antivirus, Anti-spyware, Anti-phishing

Security Risk Type

Displays the specific type of security risk managed products detect. Example: adware, network virus, hacking tool

Security Risk Name

Displays the name of the security risk managed products detect.

Detected Entry Type

Displays the entry point for the security risk that managed products detect. Example: virus found in file, HTTP, Windows Live Messenger (MSN)

Unique Security Risk/Violation Destination Count

Displays the number of unique computers affected by the security risk/violation. Example: OfficeScan detects 10 virus instances of the same virus on 2 computers. The Security Risk/Violation Detection Count equals 10, while the Unique Security Risk/Violation Destination Count equals 2.

Unique Security Risk/Violation Source Count

Displays the number of unique computers where security risks/violations originate. Example: OfficeScan detects 10 virus instances of the same virus, coming from 3 sources, on 2 computers. The Security Risk/Violation Detection Count equals 10, while the Unique Security Risk/Violation Source Count equals 3.

Security Risk/Violation Detection Count

Displays the total number of security risks/violations managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Security Risk/Violation Detection Count equals 10, while the Unique Security Risk/Violation Destination Count equals 1.

 

Network Protection Boundary Information: Displays information for a broad overview of security risks affecting your entire network. Examples: managed product network protection type (gateway, email), type of security risk, number of clients affected

Data

Description

Managed Product Category

Displays the category to which the managed product belongs. Example: desktop products, mail server products, network products

Managed Product Name

Displays the name of the managed product. Example: OfficeScan, ScanMail for Microsoft Exchange

Security Risk Category

Displays the broad category of the security risk managed products detect. Example: Antivirus, Anti-spyware, Anti-phishing

Unique Security Risk/Violation Destination Count

Displays the number of unique computers affected by the security risk/violation. Example: OfficeScan detects 10 virus instances of the same virus on 2 computers. The Security Risk/Violation Detection Count equals 10, while the Unique Security Risk/Violation Destination Count equals 2.

Unique Security Risk/Violation Source Count

Displays the number of unique computers where security risks/violations originate. Example: OfficeScan detects 10 virus instances of the same virus, coming from 3 sources, on 2 computers. The Security Risk/Violation Detection Count equals 10, while the Unique Security Risk/Violation Source Count equals 3.

Security Risk/Violation Detection Count

Displays the total number of security risks/violations managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Security Risk/Violation Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

 

Security Risk Entry Point Analysis Information: Displays information with the entry point of security risks as the focus. Examples: managed product network protection type (gateway, email, desktop), name of the security risk, time of the last security risk detection

Data

Description

Detected Entry Type

Displays the point of entry for security risks managed products detect. Example: Virus found in file, FTP, File transfer

Managed Product Name

Displays the name of the managed product which detects the security risk. Example: OfficeScan, ScanMail for Microsoft Exchange

Security Risk Category

Displays the broad category of the security risk managed products detect. Example: Antivirus, Anti-spyware, Anti-phishing

Unique Security Risk/Violation Destination Count

Displays the number of unique computers affected by the security risk/violation. Example: OfficeScan detects 10 virus instances of the same virus on 2 computers. The Security Risk/Violation Detection Count equals 10, while the Unique Security Risk/Violation Destination Count equals 2.

Unique Security Risk/Violation Source Count

Displays the number of unique computers where security risks/violations originate. Example: OfficeScan detects 10 virus instances of the same virus, coming from 3 sources, on 2 computers. The Security Risk/Violation Detection Count equals 10, while the Unique Security Risk/Violation Source Count equals 3.

Security Risk/Violation Detection Count

Displays the total number of security risks/violations managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Security Risk/Violation Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

 

Security Risk Destination Analysis Information: Displays information with affected clients as the focus. Examples: name of the client, the broad range of how the security risk enters your network, number of clients affected

Data

Description

Security Risk/Violation Destination

Displays the name of computers affected by the security risk/violation.

 

Security Risk Category

Displays the broad category of the security risk managed products detect. Example: Antivirus, Anti-spyware, Anti-phishing

Security Risk Type

Displays the specific type of security risk managed products detect. Example: adware, network virus, hacking tool

Security Risk Name

Displays the name of the security risk managed products detect.

Security Risk/Violation Detection Count

Displays the total number of security risks/violations managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Security Risk/Violation Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

Time of Latest Infection/Violation

Displays the time and date of the last security risk/violation detection on the computer affected by the security risk/violation.

 

Security Risk Source Analysis Information: Displays information with the security risk source as the focus. Examples: name of the security risk source, the broad range of how the security risk enters your network, number of clients affected

Data

Description

Security Risk/Violation Source

Displays the name of the computer where the cause of the security risk/violation originates.

Security Risk Category

Displays the broad category of the security risk managed products detect. Example: Antivirus, Anti-spyware, Anti-phishing

Security Risk Type

Displays the specific type of security risk managed products detect. Example: adware, network virus, hacking tool

Security Risk Name

Displays the name of the security risk managed products detect.

Security Risk/Violation Detection Count

Displays the total number of security risks/violations managed products detect. Example: OfficeScan detects 10 virus instances of the same virus on one computer. The Security Risk/Violation Detection Count equals 10, while the Unique Virus/Malware Count equals 1.

Time of Latest Infection/Violation

Displays the time and date of the last security risk/violation detection on the computer affected by the security risk/violation.