User Guide

OmniVista SafeGuard Manager Administration Guide
Chapter 4: Visualization
Viewing Malware Incidents
The term malware is derived from malicious software, which is any program or file that is
harmful to a computer system. Common types of malware include computer viruses,
worms, Trojan horses, and spyware.
When SafeGuard OS detects malware, its malware policies determine how the infection is handled: how much or how little network access a user or application retains while it is suspected of being infected. For details on how SafeGuard OS detects and isolates malware, see the OmniAccess SafeGuard OS Administration Guide. OmniVista SafeGuard Manager lets administrators view all malware incidents and, if necessary, clear or whitelist incidents on a per-user or per-application basis.
To view all malware incidents:
1 Click the View Malware Incidents icon on the Page Bar, or select the View > Go To > Malware Incidents menu item (Ctrl + 2). The All Malware Incidents view displays the following information:
Table 12 Malware Attributes

Attribute               Description
Time                    Time the malware incident was detected.
Malware Action          Action taken against the malware incident.
Severity                Severity level of the malware incident.
Category                Category to which the malware incident belongs.
Algorithm               Algorithm used to determine whether the suspected malware is actually malware.
Application             Application in use at the time of malware detection.
Application Group       Name of the application group to which the infected application belongs. An application group is a collection of application protocols.
# of Connections        Number of connection attempts.
Time taken to Detect    Time it took to detect the malware incident.
Username                User name associated with the malware violation.
Computer Name           Name of the computer from which the malware incident originated.
MAC Address             MAC address of the computer from which the malware incident originated.
Source IP Address       IP address from which the malware traffic originated.
Destination IP Address  Destination IP address of the flagged traffic.
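Because the guide says incidents are cleared or whitelisted per user or per application, an analyst reviewing this table usually wants two things before acting: how many distinct users an application-level decision would affect, and whether one machine (same MAC address) is showing up under several usernames, in which case clearing the incident for a single user leaves the infected host in play. The script below is an added example and is not part of OmniVista SafeGuard Manager or its documentation; it assumes the Table 12 attributes have been exported as pipe-separated rows in column order (the guide describes no export format), and the sample rows, severity labels, action names and algorithm names in it are constructed for illustration.

```python
"""Triage helper over malware incident records carrying the Table 12 attributes.

Added example; not SafeGuard Manager code. Record layout (pipe-separated, in
Table 12 column order), severity labels and the sample data are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumed severity labels; the guide only says the column holds a severity level.
SEVERITY_RANK = {"critical": 3, "high": 2, "medium": 1, "low": 0}

# Table 12 attributes, in the order the assumed export writes them.
FIELDS = ("time", "malware_action", "severity", "category", "algorithm",
          "application", "application_group", "connections", "time_to_detect",
          "username", "computer_name", "mac_address", "source_ip", "destination_ip")


@dataclass(frozen=True)
class Incident:
    time: str
    malware_action: str
    severity: str
    category: str
    algorithm: str
    application: str
    application_group: str
    connections: int
    time_to_detect: str
    username: str
    computer_name: str
    mac_address: str
    source_ip: str
    destination_ip: str


def parse_incident(line: str) -> Incident:
    """Parse one pipe-separated record; rejects rows with the wrong field count."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    values = dict(zip(FIELDS, parts))
    values["connections"] = int(values["connections"])
    values["severity"] = values["severity"].lower()
    values["mac_address"] = values["mac_address"].lower()  # normalise for grouping
    return Incident(**values)


def parse_incidents(text: str) -> list[Incident]:
    """Parse all records, skipping blank lines and '#' comment/header lines."""
    return [parse_incident(l) for l in text.splitlines()
            if l.strip() and not l.lstrip().startswith("#")]


def prioritised(incidents: list[Incident]) -> list[Incident]:
    """Highest severity first, then most connection attempts, then oldest first."""
    return sorted(incidents, key=lambda i: (-SEVERITY_RANK.get(i.severity, -1),
                                            -i.connections, i.time))


def users_per_application(incidents: list[Incident]) -> dict[str, set[str]]:
    """Distinct users behind each application: the blast radius of a per-application
    clear or whitelist."""
    out: dict[str, set[str]] = defaultdict(set)
    for i in incidents:
        out[i.application].add(i.username)
    return dict(out)


def shared_hosts(incidents: list[Incident]) -> dict[str, set[str]]:
    """MAC addresses seen under more than one username. A per-user clear for one of
    them does nothing about the host the other users are on."""
    users: dict[str, set[str]] = defaultdict(set)
    for i in incidents:
        users[i.mac_address].add(i.username)
    return {mac: u for mac, u in users.items() if len(u) > 1}


# Constructed sample export (not real product output). Columns follow FIELDS.
SAMPLE = """\
# time | action | severity | category | algorithm | app | app group | conns | ttd | user | host | mac | src | dst
2008-03-01 09:12:03 | isolate | critical | worm | port-scan | smb | file-sharing | 240 | 00:00:12 | jdoe | LAB-PC-07 | 00:11:22:33:44:55 | 10.1.5.17 | 10.1.0.0
2008-03-01 09:14:41 | log | low | spyware | signature | http | web | 3 | 00:00:02 | asmith | MKT-LT-02 | 00:11:22:33:44:66 | 10.1.6.20 | 203.0.113.9
2008-03-01 09:20:10 | isolate | high | worm | port-scan | smb | file-sharing | 98 | 00:00:08 | rlee | LAB-PC-07 | 00:11:22:33:44:55 | 10.1.5.17 | 10.1.0.0
2008-03-01 09:31:55 | log | medium | trojan | heuristic | http | web | 12 | 00:00:05 | jdoe | LAB-PC-07 | 00:11:22:33:44:55 | 10.1.5.17 | 198.51.100.4
"""

if __name__ == "__main__":
    incidents = parse_incidents(SAMPLE)
    for i in prioritised(incidents):
        print(f"{i.severity:8} {i.connections:4} {i.username:8} {i.computer_name:10} {i.application}")
    print("users per application:", users_per_application(incidents))
    print("hosts shared by several users:", shared_hosts(incidents))
```

In the constructed data, LAB-PC-07 appears under both jdoe and rlee, so clearing only jdoe's incidents would leave a host that is still producing worm-category port scans; and whitelisting smb would affect two users at once. Those are the two questions the helper answers before anyone clicks Clear or Whitelist.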