Detected Files
The Detected Files screen contains a list of files with potential security risks. Threat Discovery Appliance tags these files as potential security risks/threats and makes a copy of the files for assessment.
The Detected Files screen displays the following information:
Information on the Detected Files screen

| Log Information | Description |
|---|---|
| Date | The date and time the incident occurred. To view details for a particular incident, click a link under Date. A new screen opens, with the details for the incident. For more information, see Event Details. |
| Protocol | Protocols such as HTTP, FTP, SMTP, and POP3 |
| Direction | Indicates whether an incident happened inside the network or is an external attack |
| DstIP | IP address of the threat target |
| SrcIP | IP address of the source of the threat |
| RiskType | The type of threat |
| File name | File name of the potential threat |

Use the filter feature on the screen to search for specific files. You can save any of the files in the Detected Files screen and then submit them to Trend Micro for assessment.
To specify filter criteria:
Detections > Detected Files
Click Filter. The Filter Criteria window opens.
The next items are optional. Specifying additional items produces more targeted results, but criteria that are too specific might return no results.
Select a protocol from the list. Use the Control (Ctrl) key to select more than one protocol.
Type an IP address.
Select the traffic direction from the drop-down list.
Select a date range. Set the date range by typing a date or clicking the calendar icon.
Click Filter.
To save files:
Detections > Detected Files
Select the files you want to save.
Click Save detected file(s). Threat Discovery Appliance archives the files to a compressed file (.tgz).
Save the compressed file to your preferred location.
Do not open the compressed file as the files inside it might be infected.