Views:
An identified file is a file that has been found to be or to contain malware and has therefore been encrypted and moved to a special folder on the protected computer. Whether or not an infected file can be viewed and restored depends on the Anti-Malware configuration, and the operating system on which the file was found:
For information about events that are generated when malware is encountered, see Anti-Malware events.

See a list of identified files Parent topic

The Events and Reports page provides a list of identified files. From there you can see the details for any of those files.

Procedure

  1. Click Events & Reports > Events > Anti-Malware Events > Identified Files.
  2. To see the details of a file, select the file and click View.

What to do next

The list of identified files includes the following columns of information:
  • Infected File: Shows the name of the infected file and the specific security risk.
  • Malware: Names the malware infection.
  • Computer: Indicates the name of the computer with the suspected infection.
The Details window provides the following information:
  • Detection Time: The date and time on the infected computer that the infection was detected.
  • Infected File(s): The name of the infected file.
  • File SHA-1: The SHA-1 hash of the file.
  • Malware: The name of the malware that was found.
  • Scan Type: Indicates whether the malware was detected by a Real-time, Scheduled, or Manual scan.
  • Action Taken: The result of the action taken by Server & Workload Protection when the malware was detected.
  • Computer: The computer on which this file was found. (If the computer has been removed, this entry will read "Unknown Computer".)
  • Container Name: Name of the Docker container where the malware was found.
  • Container ID: ID of the Docker container where the malware was found.
  • Container Image Name: Image name of the Docker container where the malware was found.

Working with identified files Parent topic

The Identified Files page allows you to manage tasks related to identified files. Using the menu bar or the right-click context menu, you can:
  • anti_malware_restore_quarantine_file=85554c91-00a0-4d05-a30c-0bfe0d6139f9.png
    Restore identified files back to their original location and condition.
  • anti_malware_quarantine_file_download=25f7c116-f13e-43b2-85da-522f0ddd848b.png
    Download identified files from the computer or Virtual Appliance to a location of your choice.
  • delete=c0ff9d68-0db4-49f0-a73e-eb72b5c90ac8.png
    Delete one or more identified files from the computer or Virtual Appliance.
  • export=d51798dc-3e46-4bfe-be06-0c88fb46bc2b.png
    Export information about the identified file(s) (not the file itself) to a CSV file.
  • details=6adf47dd-913c-4586-8dcf-b57640800e39.png
    View the details of an identified file.
  • details=6adf47dd-913c-4586-8dcf-b57640800e39.png
    Computer Details displays the screen of the computer on which the malware was detected.
  • details=6adf47dd-913c-4586-8dcf-b57640800e39.png
    View Anti-Malware Event displays the Anti-Malware event associated with this identified file.
  • columns=7c59c262-342d-4e3e-8181-0ea30819ac11.png
    Add or Remove Columns by clicking Add/Remove.
  • search=c4ee7ed0-2061-4bc7-a121-fb9a678e7dad.png
    Search for a particular identified file.
  • Use the Period drop-down menu to see only the files that were identified within a specific time frame.
  • Use the Computers drop-down menu to organize files by Computer Groups or Computer Policies.
  • Click Search this page Open Advanced Search to toggle the display of the advanced search options:
2016-07-08_000132_DS10=c9267b0f-9ecd-426b-859f-52ee6f210683.png
Advanced searches include one or more search criteria for filtering identified files. Each criterion is a logical statement comprised of the following items:
  • The characteristic of the identified file to filter on, such as the type of file (infected file or malware) or the computer that was affected.
  • An operator:
    • Contains: The entry in the selected column contains the search string.
    • Does Not Contain: The entry in the selected column does not contain the search string.
    • Equals: The entry in the selected column exactly matches the search string.
    • Does Not Equal: The entry in the selected column does not exactly match the search string.
    • In: The entry in the selected column exactly matches one of the comma-separated search string entries.
    • Not In: The entry in the selected column does not exactly match any of the comma-separated search string entries.
  • A value.
To add a criterion, click the "plus" button (+) to the right of the topmost criterion.To search, click the Search button (the circular arrow).
Note
Note
Searches are not case-sensitive.

Restore identified files Parent topic

Create a scan exclusion for the file Parent topic

Before you can restore a file to its original location, you have to create a scan exclusion so that Server & Workload Protection doesn't immediately re-identify the file when it reappears on the computer.
Note
Note
The following instructions describe how to create an exclusion for the file on an individual computer but you can make the same configuration changes at the policy level.

Procedure

  1. Open the Computers page and go to Anti-Malware Identified Files and double click the identified file to view its properties.
  2. Note the file's exact name and original location.
  3. Still in the Computers page, go to Anti-Malware General and click the Edit button next to each Malware Scan that's in effect to open the Malware Scan Configuration properties window.
    2016-07-07_000116_DS10=af586859-d7b0-4616-9138-33f0fc39a564.png
  4. In the Malware Scan Configuration properties window, click on the Exclusions tab.
  5. In the Scan Exclusions area, select File List and then either press edit if a file list is already selected, or select New from the menu to create a new File List.
  6. In the File List properties window, enter the file path and name of the file to be restored. Click OK to close the File List properties window.
    2016-07-08_000124_DS10=a75bc0b3-fcb5-46a7-9a7f-44debf4a0ae8.png
  7. Close the Malware Scan Configuration properties window by clicking OK.
  8. When you've edited all the Malware Scan Configurations, click Save in the Computers page to save your changes. You're now ready to restore your file.

Restore the file Parent topic

Procedure

  1. Still in the Computers page, go to the Anti-Malware Identified Files tab.
  2. Right-click the identified file and select Actions Restore and follow the steps in the wizard.

What to do next

Your file is restored to its original location.