To view a summary of detected threats, you can generate the Threat History (Collated) report. This report displays a bar chart for endpoints with detected threats and blocked programs. From here, you can create overrides for blocked programs and restore files from quarantine.
Note: To view a summary of threats, see Generating Daily Threat History Reports. The Threat History (Daily) report provides a summary; you cannot manage threats from that report.
You can modify the report data as follows:
- View all threats within a selected policy or group, which is helpful if you need to narrow search results to a specific set of endpoints.
- Drill down to see the threats detected within a date range, which is helpful if you want to narrow the search results to a specific time period.
To generate the Threat History (Collated) report:
- From the Endpoint Protection console, click the Reports tab.
- From the Report Type drop-down menu, select Threat History (Collated).
- If needed, select a specific policy or group. Otherwise, the report data displays all policies and groups, and may take a long time to generate, depending on your environment.
- In the Between and And fields, enter a start and end date for the report data.
- To include deactivated and hidden endpoints in the report, select the Include deactivated and hidden checkbox. This is an optional step.
- Click the Submit button.
The report displays in the right pane.
- From this panel, you can click one of the bars to view more details about Endpoints with threats or Blocked Programs.
If you click the Blocked Programs bar chart, the bottom panel displays details about the programs.
- From the bottom panel, you can click the View links in the All Endpoints and All Versions columns to view more information.
The View link under All Endpoints displays this panel.
The View link under All Versions displays this panel.
- To set an override for the file or restore it from quarantine, select the Endpoints with threats bar to display more information in the bottom panel.
- Locate the row for the endpoint that has the blocked program and select the View link in the Blocked Programs column.
The following window displays.
- In this window, you can do either of the following:
  - Create override: To bypass Endpoint Protection and designate the file as Good (allow the file to run) or Bad (detect and quarantine the file), click Create override from the command bar. For more information, see Applying Overrides To Files From Reports.
  - Restore from Quarantine: If the file is safe, click Restore from Quarantine from the command bar to restore it to its original location on the endpoint.
You can also select whether you want to apply this override to all policies or selected policies, so you don't need to create this override again on other endpoints.
- To display or hide additional data for the report, click a column header to open the drop-down menu, then select checkboxes to add or remove columns.