Statistics

On the Statistics tab, you can configure statistics information that will be written to the log file, to the Server database, and further can be viewed in the statistic section of the Control Center.

To add corresponding type of information to the DB, set the following flags:

Quarantine state—logs stations Quarantine state.

Hardware and software composition—enables monitoring of hardware and software composition and storing the information in the database.

List of the station modules—enables monitoring of the list of the station modules and storing the information in the database.

List of installed components—enables monitoring of the list of the installed components (Scanner, monitors, etc) and storing the information in the database.

Sessions of stations users—enables monitoring of user sessions and storing in the database the logins of users which are loged in the system with installed Agent.

Start/Stop of components—enables monitoring of the information on the start and stop of the components (Scanner, monitors, etc) and storing the information in the database at stations.

Detected security threats—enables monitoring of infections detecting and storing the information in the database.

If the Detected security threats flag is set, you can also configure additional parameters of statistic on infections.

Set the Track epidemic flag to enable the mode of administrator notification on virus epidemic cases. If the flag is cleared, notifications on virus infection are performed in the standard mode. If the flag is set, you can configure the following parameters of virus epidemic tracking:

Prohibition period on sending notifications—time period in seconds after sending the notification about epidemic, during which single notifications about infected stations will not be sent.

Period of infected stations counting—time period in seconds, during which specified number of messages on infected stations must be received, to send the corresponding notification about epidemic.

Messages number—the number of messages on infections that must be received in specified time period, so that Dr.Web Server may send to the administrator a single notification on epidemic on all cases of infection (the Epidemic in the nettwork notification).

Number of the most common threats—number of the most frequently occurring threats which must be included in the epidemic report.

Set the Group reports of Preventive protection flag to send a single summary report on multiple events of Preventive protection. If the flag is cleared, the Preventive protection events are sent in separate notifications, not depending on their number. If the flag is set, you can configure the following parameters of summary reports:

Prohibition period on sending notifications—time period in seconds after sending a summary report on Preventive protection events, during which notifications about single events will not be sent.

Period of counting terminated connections—time period in seconds, during which specified number of Preventive protection events must be occurred to send a summary report.

Events number—the number of the Preventive protection events that must be received in specified time period, so that Dr.Web Server may send to the administrator a single summary report on these events (the Summary report of Preventive protection notification).

Number of the most active processes—number of the most frequently occurring processes that have performed a suspicious action, which must be included in the Preventive protection report.

Set the Send statistics to Doctor Web company flag, to activate sending statistics on detected stations security threats to the Doctor Web company. The following fields will become available:

Interval—an interval in minutes for sending statistics;

Identifier—an MD5 key (located in the Server configuration file);

Interval for sending statistics is the only obligatory field.

Abnormally terminated connections—enables monitoring of abnormally terminated connections with clients and be able to send corresponding notifications to the administrator.

Specify the following settings of abnormally terminated connections:

Prohibition period on sending notifications—time period in seconds after sending the notification on multiple connections termination, during which notifications about single terminated connections will not be sent.

Period to counting terminated connections—time period in seconds, during which specified number of connections with clients must be terminated, to send the corresponding notification.

Number of connections for notification on single terminations—minimum number of connections with a single address that must be terminated during the counting period, to send the notification about single abnormally terminated connection (the Connection terminated abnormally notification).

Number of connections for notification on multiple terminations—minimum number of connections that must be terminated during the counting period, to send the common notification about multiple abnormally terminated connections (the Large number of abnormally terminated connections detected notification).

Duration of short connections—if duration of terminated connection with a client is less than specified value, then specified number of connections is reached, notification about single terminated connections will be sent not depending on the counting period. At this, the connection must not be terminated further by the longer connections, and the notification about multiple abnormally terminated connections must not be sent (the Large number of abnormally terminated connections detected notification).

Scan errors—enables monitoring of scan errors occurring and storing the information in the database.

Scan statistics—enables monitoring of the statistics of scanning and storing the information in the database.

Agent installations—logs the information about Agent installations at the stations.

Blocked devices—enables monitoring of information on devices blocked by the Office Control component and storing the information in the database.

Application Control statistics on processes activity—enables monitoring of processes activity at stations detected by Application Control and write the information to the database.

Application Control statistics on processes blocking—enables monitoring the blocking of the processes at stations by Application Control and write the information to the database.

Multiple blockings by Application Control—allows to track multiple blockings of processes by Application Control and be able to send corresponding notifications to the administrator.

Specify the following events settings:

Prohibition period on sending notifications—time period in seconds after sending a summary report on processes blocked by Application Control, during which notifications about single blokings will not be sent.

Period of counting blocked processes—time period in seconds, during which specified number of processes must be blocked to send a summary report.

Events number—the number of events on processes blocked by Application Control that must be received in specified time period, so that Dr.Web Server may send to the administrator a single summary report on these events (Large number of blocks by the Application Control detected notification).

Number of the most common profiles—number of the most common profiles according to which the block was made, and which must be included in the notification on multiple blockings.

Station tasks execution log—log results of tasks execution on workstations and store the log in the DB.

Station statuses—log status changes for workstations and store the log in the DB.

Virus database statuseslog changes in virus databases status and contents on workstations and store the logs in the DB. The flag is available only if the Station statuses flag is set.

Location dataget information on stations location and store the information in the database.

To view statistics information

1.Select the Anti-virus network item of the main menu.

2.Select a station or a group in the hierarchical list.

3.Open the corresponding section of the control menu (see the table below).

info

Detailed information about statistic data is described in the Viewing Workstation Statistics section.

The table below describes correspondence between flags in the Statistics tab of the Server settings and items of the control menu on the Anti-virus network page.

If you clear flags on the Statistics tab, corresponding items of the control menu become hidden.

Correspondence between flags of Statistics data section and items of the control menu

Server parameters

Menu options

Quarantine state

General → Quarantine

Configuration → Windows → Dr.Web Agent → Quarantine remote control flag

Hardware and software composition

General → Hardware and software

General → Detected devices

List of the station modules

Statistics → Modules

List of installed components

General → Installed components

Sessions of stations users

General → Users sessions

Start/Stop of components

Statistics → Start/Stop

Detected security threats

Statistics → Threats

Statistics → Threat statistics

Statistics → Preventive protection events

Scan errors

Statistics → Errors

Scan statistics

Statistics → Scan statistics

Agent installations

Statistics → Agent installations

Blocked devices

Statistics → Blocked devices

Application Control statistics on processes activity

Statistics → Application Control events

Administration → Application Control → Application catalog

Application Control statistics on processes blocking

Station tasks execution log

Statistics → Tasks

Station statuses

Statistics → Status

Statistics → Virus databases

Virus database statuses

Statistics → Virus databases