Investigation Results

Use the Investigation Results screen to view an investigation's details and its progress. Once an investigation starts, the investigation appears here. Recently created investigations appear first.

The following table lists all the investigation details available for review:

Table 1. Results Details

Column Name

Description

Status

The status of the investigation, if the investigation is Pending, Processing, Completed or Cancel.

Progress

The investigation's percentage of completion.

Investigated Time

The date and time when the investigation was started.

Name

The name given to the investigation.

Method

The method used by the investigation.

Tags

The user-defined string given when the investigation was created.

For details, see Investigation.

Target Endpoints

The number of endpoints included in the investigation.

For details, see Selecting Targets.

Matched

The number of matching objects found on the endpoint.

Time Elapsed

Time elapsed since the investigation started.

Use the following options to manage the investigations:

  • Click Cancel to stop the progress of the investigation. However, results for endpoints already investigated are still available for review. Cancelled investigations cannot be resumed.

    Note:
    • After the investigation has been cancelled, the Trend Micro Endpoint Sensor server may show the status of some endpoints as still being processed for investigation. The server stops updating the screen once an investigation is cancelled. However, if an endpoint is in the middle of being investigated, Trend Micro Endpoint Sensor will finish the investigation for that endpoint, but will no longer proceed with the remaining endpoints.

    • If a previous investigation is cancelled and a new investigation is started, the new investigation may some time to start. If the user cancels the investigation, investigations for all remaining pending endpoints are dropped, but Trend Micro Endpoint Sensor will still complete the investigation for the currently investigated endpoint before stopping completely. This investigation can take some time to complete. Note that the previous investigation has to completely stop before a new investigation can begin.

  • Click Remove to remove the investigation from the list. The investigation and all endpoint data related to the investigation will be removed from the server. Removed investigations cannot be recovered.

  • Use Filters to filter the list by tags. Select one or more tags to display only the endpoints with that tag.

  • Use the pagination control at the bottom of the list to display 10, 25, 50 or 100 endpoints at a time.

To view more details, click the investigation's Name.