Antivirus Scans, Security Manager, Malware Detection | Endpoint Manager

Antivirus and File Rating Scans

Click 'Security Sub-systems' > 'Antivirus' to open this area.

This area allows you to:

View the infection status of managed Windows, Mas OS, Linux and Android devices.

Run antivirus and file rating scans on devices

View a consolidated list of all malware on all endpoints

View all quarantined files on Windows, Mac OS and Linux devices

View an all-time history of threats discovered on all endpoints

Manually delete, quarantine or ignore malicious files

The 'Antivirus' interface has four tabs:

Device List - Shows the status of all managed devices with regards to antivirus health. The interface shows:

The date and type of the most recent virus scan

Whether or not the device is using the latest virus database

The malware status of the device (clean, infected or unknown)

You can also run a on-demand scan on a device, and delete/quarantine/ignore threats.

See The Device List Interface for more details.

Current Malware List – Lists all unprocessed malware residing on managed devices. You can delete, ignore or quarantine specific pieces of malware on specific devices, or apply these actions to multiple threats at once. See View and Manage Identified Malware for more details.

Windows Quarantine - Malware which has been quarantined by Comodo Client Security on Windows, Mac and Linux devices. You can delete or restore quarantined items, or assign a trust rating to items. See View and Manage Quarantined Items for more details.

Android Threat History - A log of all malicious items found on Android devices over time. See View Android Threats History for more details.

Autorun Items – List of files that tried to modify Windows services, auto-start entries or scheduled tasks. See View and Manager Autorun Items for more details.

The Device List Interface

The 'Device List' screen displays the infection status of Android, Mac OS, Windows and Linux devices. From here you can:

Run on-demand antivirus scans on selected devices

Run file rating scans on Windows devices

Choose the action to be taken on malware discovered by scans.

Update the AV database on endpoints

Export device list data from the table

Note: You can run virus scans on specific areas of a device and setup ongoing, scheduled scans. These tasks are configured in the 'Antivirus' section of the device's configuration profile. See:

Windows – see Custom Scans and Create a Windows Profile.

MAC – see Scan Profiles and Create Mac OS Profile.

Linux – see Create and Manage Scan Profiles and Create a Linux Profile

Open the 'Device List':

Click 'Security Sub-Systems' > 'Antivirus'

Select the 'Device List' tab

Select a company and group on the left to view all devices in it

Or

Select 'Show All' to view all devices enrolled to EM

The list shows all Android, Windows, Mac OS and Linux devices along with their last scan details, infection status and antivirus database update state.

Antivirus Device List - Column Descriptions
Column Heading	Description
OS	The operating system of the device.
Name	The label of the device on which the threat was found. If no name was assigned then the model number of the device is used. Gray text color shows the device has been offline for the past 24 hours. Click the name of the device to open its device details interface. See Manage Windows Devices, Manage Mac OS Devices, Manage Linux Devices and Manage Android / iOS Devices for more details.
Logged in User	The name of the user currently signed-in to the device. The user name is prefixed with the active directory (AD) domain or workgroup that the user is currently logged-in to: Active Directory - Name is shown as [AD domain name][user name] Workgroup - Name is shown as [workgroup name][user name] No network - Name is shown as [device name][user name] Click the icon to copy the username to the clipboard.
Antivirus DB State	The update status of the virus signature database on the device.
Antivirus DB Version	The version number of the virus signature database on the device.
Antivirus DB Date	The date and time at which the AV database was last updated.
Run By	The source that initiated the last scan. An antivirus scan or a file rating scan can be initiated in the following ways: Portal - Manually run by an admin from the EM interface. See Run Antivirus and/or File Rating Scans on Devices for more details. User - Manually run by the end-user at the device itself. Scheduled - Automatically run as per the schedule defined in the configuration profiles effective on the device.
Scan Type	Indicates the kind of the last scan ran on the device. The possible types of scan are: Antivirus Full Scan - Applies to Windows, Mac OS and Android devices. Antivirus Quick Scan - Applies to Windows, Mac OS and Android devices. File Rating Quick Scan - Applies only to Windows devices. Custom Scan - Applies to Windows and Mac OS devices. Manual Scan - Applies to Windows and Mac OS devices. SD Card Scan - Applies only to Android devices.
Scan State	Status of the last scan run on the device. Possible states are: Not scanned yet Complete Scanning Failed Viruses found Canceled Command sent
Scan Date	The date and time at which the last scan was run.
Malware Status	The infection status of the device. Devices with untreated malware are listed as 'Infected'. Click the 'Infected' link to view a list of malware on all managed devices. You can remove, quarantine or ignore the malware direct from this list. See View and Manage Identified Malware for more details. Alternatively, you can also view/manage malware from the device details screen. Click 'Security Sub-Systems' > 'Antivirus' > 'Device List'. See Handle malware on scanned devices for more details.

Controls
Scan	Run a manual scan on selected devices. See Run Antivirus and/or File Rating Scans on Devices for more details.
Stop Scan	Terminate any type of on-going scans on selected devices. This includes on-demand scans run from the EM console, scheduled scans run by the security profiles active on the device and any on-demand scan run by the local user from the Comodo Client - Security (CCS) application on the device. See Run Antivirus and/or File Rating Scans on Devices for more details.
Protective Action	Remove, quarantine or ignore threats found on infected devices. See Handle malware on scanned devices for more details.
Update Antivirus DB	Manually run a virus signature update on selected devices. See Update virus signature database on Windows and Mac OS Devices for mode details.
Export	Save the device list, including current statuses, as a .csv file. The exported .csv is available in 'Dashboard' > 'Reports'. See Export the List of Devices for more details.

The 'Antivirus' > 'Device List' interface allows you to:

Run Antivirus and/or File Rating Scans on Devices

Handle malware on scanned devices

Update virus signature database on Windows and Mac OS Devices

Sorting, Search and Filter Options

Click any column header except 'Antivirus DB version' to sort items in ascending/descending order of the column header.

Click the funnel icon on the right to filter items by various criteria.

Start typing or select the search criteria in the search field to find a particular item and click 'Apply'.

To display all items again, clear any filters and search criteria and click 'Apply'.

By default EM returns 20 results per page when you perform a search. Click the arrow next to the 'Results per page' drop-down to increase results up to a maximum of 200.

Use the left and right arrows and the page numbers to navigate to the page you want to view.

IT Endpoint Manager

Endpoint Manager Administrator Guide 6.43

English

Antivirus and File Rating Scans