Procedure
- Go to or .
- In the agent tree, click the root domain icon () to include all agents or select specific domains or agents.
- Click or .
- Specify the log criteria and then click Display Logs.
- View logs. Logs contain the following information:
-
Date/Time unauthorized process was detected
-
Endpoint where unauthorized process was detected
-
Endpoint domain
-
Violation, which is the event monitoring rule violated by the process
-
Action performed when violation was detected
-
Event, which is the type of object accessed by the program
-
Risk level of the unauthorized program
-
Program, which is the unauthorized program
-
Operation, which is the action performed by the unauthorized program
-
Target, which is the process that was accessed
-
Infection channel from where the threat originated
-
- To save logs to a comma-separated value (
CSV
) file, click Export to CSV. Open the file or save it to a specific location.