For general best practices related to events, see Events in Server & Workload Protection.
To see the Anti-Malware events captured by Server & Workload Protection, go to .
What information is displayed for Anti-Malware events?
These columns can be displayed on the Anti-Malware Events page. You can click Columns
to select which columns are displayed in the table.
- Created: The time that the file or folder was created.
- Modified: The time that the file or folder was last modified.
- Detected: The time that the event took place on the computer.
- Computer: The computer on which this event was logged. (If the computer has been removed, this entry will read "Unknown Computer".)
- Infected File(s): The location and name of the infected file.
- Tag(s): Event tags associated with this event.
- Malware: The name of the malware that was found.
- Action Taken: Displays the results of the actions specified in the malware scan configuration associated with the event.
  - Cleaned: Server & Workload Protection successfully terminated processes or deleted registries, files, cookies, or shortcuts, depending on the type of malware.
  - Clean Failed: Malware could not be cleaned for a variety of possible reasons.
  - Deleted: An infected file was deleted.
  - Delete Failed: An infected file could not be deleted for a variety of possible reasons. For example, the file may be locked by another application, is on a CD, or is in use. If possible, Server & Workload Protection will delete the infected file once it is released.
  - Quarantined: An infected file was moved to the identified files folder.
  - Quarantine Failed: An infected file could not be quarantined for a variety of possible reasons. For example, the file may be locked by another application, is on a CD, or is in use. If possible, Server & Workload Protection will quarantine the infected file once it is released. It is also possible that the "Maximum disk space used to store identified files" (specified on the tab) has been exceeded.
  - Access Denied: Server & Workload Protection has prevented the infected file from being accessed without removing the file from the system.
  - Passed: Server & Workload Protection did not take any action but logged the detection of the malware.
- Scan Type: The type of scan that found the malware (Real-Time, Scheduled, or Manual).
- Event Origin: Indicates from which part of the Server & Workload Protection system the event originated.
- Reason: The malware scan configuration that was in effect when the malware was detected.
- Major Virus Type: The type of malware detected. Possible values are: Joke, Trojan, Virus, Test, Spyware, Packer, Generic, or Other. For information on these types of malware, see the Anti-Malware event details or see What types of malware does Server & Workload Protection protect against?
- Target(s): The file, process, or registry key (if any) that the malware was trying to affect. If the malware was trying to affect more than one, this field will contain the value "Multiple."
- Target Type: The type of system resource that this malware was trying to affect, such as the file system, a process, or Windows registry.
- Container ID: ID of the Docker container where the malware was found.
- Container Image Name: Image name of the Docker container where the malware was found.
- Container Name: Name of the Docker container where the malware was found.
- File MD5: The MD5 hash of the file.
- Process Image Path: The full path of the process that generates an anti-malware event detection.
- Process PID: The PID of the process that generates an anti-malware event.
Note: Since Windows does not support process information, it does not support process image path or process PID.
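The Action Taken values above decide whether an infected file is still on the host after the event. The following Python triage is an added example, not part of the product documentation; it assumes a CSV export whose header names match the columns listed above, a constructed timestamp format, and that a later successful action on the same file is logged as its own event.

```python
import csv
import io
from datetime import datetime

# Action Taken values from the list above, grouped by whether the infected
# file is still on the host afterwards (the grouping is this example's reading).
REMOVED = {"Cleaned", "Deleted", "Quarantined"}
STILL_PRESENT = {"Clean Failed", "Delete Failed", "Quarantine Failed",
                 "Access Denied", "Passed"}

# Constructed sample export; the CSV layout and timestamp format are assumptions.
SAMPLE_CSV = """Detected,Computer,Infected File(s),Malware,Action Taken,Scan Type
2024-05-01 10:02:11,web-01,/tmp/a.bin,SAMPLE_A,Quarantined,Real-Time
2024-05-01 10:05:40,web-01,/srv/up/b.doc,SAMPLE_B,Delete Failed,Real-Time
2024-05-01 10:09:02,web-01,/srv/up/b.doc,SAMPLE_B,Deleted,Real-Time
2024-05-01 11:30:00,db-02,/var/lib/c.so,SAMPLE_C,Passed,Scheduled
2024-05-01 11:31:15,db-02,/home/u/d.sh,SAMPLE_D,Access Denied,Real-Time
2024-05-01 12:00:00,Unknown Computer,/opt/e.jar,SAMPLE_E,Clean Failed,Manual
"""


def unresolved_detections(csv_text):
    """Return {computer: [(file, malware, action), ...]} for files whose most
    recent event did not remove them from the host."""
    latest = {}  # (computer, file) -> (detected_time, row)
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["Computer"], row["Infected File(s)"])
        when = datetime.fromisoformat(row["Detected"])
        if key not in latest or when >= latest[key][0]:
            latest[key] = (when, row)

    report = {}
    for (computer, path), (_, row) in sorted(latest.items()):
        action = row["Action Taken"].strip()
        if action in REMOVED:
            continue  # a later successful action supersedes an earlier failure
        if action not in STILL_PRESENT:
            action += " (unrecognised)"  # unknown values still need review
        report.setdefault(computer, []).append((path, row["Malware"], action))
    return report


if __name__ == "__main__":
    for host, items in unresolved_detections(SAMPLE_CSV).items():
        for path, malware, action in items:
            print(f"{host}: {path} ({malware}) -> {action}")
```

Events logged against "Unknown Computer" are kept in the report, since the detection record outlives the removed computer entry.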
List of all Anti-Malware events

| ID | Severity | Event |
|---|---|---|
| 9001 | Info | Anti-Malware Scan Started |
| 9002 | Info | Anti-Malware Scan Completed |
| 9003 | Info | Anti-Malware Scan Terminated Abnormally |
| 9004 | Info | Anti-Malware Scan Paused |
| 9005 | Info | Anti-Malware Scan Resumed |
| 9006 | Info | Anti-Malware Scan Canceled |
| 9007 | Warning | Anti-Malware Scan Cancel Failed |
| 9008 | Warning | Anti-Malware Scan Start Failed |
| 9009 | Warning | Anti-Malware Scan Stalled |
| 9010 | Error | File cannot be analyzed or quarantined (VM maximum disk space used to store identified files exceeded) |
| 9011 | Error | File cannot be analyzed or quarantined (maximum disk space used to store identified files exceeded) |
| 9012 | Warning | Smart Protection Server Disconnected for Smart Scan |
| 9013 | Info | Smart Protection Server Connected for Smart Scan |
| 9014 | Warning | Computer reboot is required for Anti-Malware protection |
| 9016 | Info | Anti-Malware Component Update Successful |
| 9017 | Error | Anti-Malware Component Update Failed |
| 9018 | Error | Files could not be scanned for malware |
| 9019 | Error | Directory could not be scanned for malware |