View and manage files identified and quarantined by Server & Workload Protection to contain malware.

An identified file is a file that the agent found to be or to contain malware, and that has been encrypted and moved to a special folder on the protected computer. To view identified files in Server & Workload Protection, access the Protection Manager and go to Events & Reports > Events > Anti-Malware Events > Identified Files.
Support for viewing and restoring files depends on the Anti-Malware configuration, and the operating system of the endpoint where the file was found:
For information about events that are generated when malware is encountered, see Anti-Malware events.
From the Identified Files list, you can take several actions:

Action
Description
Details
View identified files
Identified Files presents a list of files Server & Workload Protection identified
Identified Files lists the following information:
  • Infected File: The name of the infected file and the specific security risk
  • Malware: The name of the detected malware infection
  • Computer: The name of the endpoint containing the file
Search for a file
Use the filters or advanced search to locate specific files
Identified Files features two basic filters:
  • Period: Filters by time range
  • Computers: Filters by group, policy, or specific computer
To use the advanced search, click Search this page and select Open Advanced Search. For more information, see Search for an identified file.
View detailed information
The Details screen provides detailed information for the identified file
Select a file and click View, or double-click a file name to open Details
The Details window lists the following information:
  • Detection Time: The date and time on the infected endpoint when the infection was detected
  • Infected File(s): The name of the infected file
  • File SHA-1: The SHA-1 hash of the file.
  • Malware: The name of the detected malware
  • Scan Type: The method by which the malware was detected: Real-time, Scheduled, or Manual scan
  • Action Taken: The result of the action taken by Server & Workload Protection when the malware was detected
  • Computer: The endpoint where the file was found
    If the endpoint has been removed, the entry displays "Unknown Computer"
  • Container Name: The name of the Docker container where the malware was found
  • Container ID: The ID of the Docker container where the malware was found
  • Container Image Name: The image name of the Docker container where the malware was found
Delete a file
Deleting a file permanently removes the file from the endpoint
Select an identified file and click Delete
Export file information
Export and download the detailed information of an infected file as a CSV
This exports the detailed information of the infected file, not the infected file.
Select an identified file and click Export
Restore a file
Restore an identified file to the original location and condition
Note
To prevent Server & Workload Protection from encrypting the file again, you must add an exception for the file. For more details, see Restore identified files.
Select an identified file and click Restore
Download a file
Download an encrypted file from the infected computer
Note
You can manually restore a downloaded file using the QDecrypt tool. For more details, see Manually restore identified files.
Select an identified file and click Download
Add or remove columns from the list view
Manage which information to display on the Identified Files list
Click Columns and select which columns to display
View details of the infected endpoint
Display the detailed information of the endpoint
Right-click an identified file and select Computer Details
View the event
Display the Anti-Malware event associated with the identified file
Right-click an identified file and select View Anti-Malware Event