Threats Management

You can view the list of detected threats and manage the reaction to them on the Threats page.

This page contains the full list of threats detected by the components of Dr.Web for UNIX File Servers that monitor and scan the file system. In the upper part of the page, you can see a menu which allows filtering the threats by their category:

•All—show all detected threats (including both active and quarantined threats).

•Blocked—show all blocked threats, that is, threats that were not neutralized, but for which the infected objects containing them were blocked (only for file storages monitored by SpIDer Guard for SMB).

Just next to each name of a threat category (to its right) in the upper menu, the quantity of detected threats that fall into this category is displayed. The currently selected category, for which the threats belonging to it are currently displayed, is emphasized in a darker font. To display threats of a required category, click the name of the category in the menu.

•File—name of the file that contains a malicious object (file path is not specified).

•Component—name of the component of Dr.Web for UNIX File Servers that detected the threat.

•Threat—name of the threat that was detected in the file (according to the classification used by the Doctor Web company).

•Name of the threat (displayed as a link that opens a page of the Dr.Web virus information library with the threat description).

•Name of the user who uploaded the file to the file server (only for file storages monitored by SpIDer Guard for SMB).

•Identifier that was assigned to the quarantined file containing a threat (if the file was quarantined).

•Full path that points to the original location of the file (where the file was located at the moment of threat detection).

You can select any object in the list by clicking on it. To select multiple objects, select the check boxes for the corresponding objects. To select all objects or cancel the selection, select the check box in the File field in the threat list header.

To apply actions to objects selected in the list, click the corresponding button on the toolbar, which is located directly above the threat list. The toolbar contains the following buttons (note that some of them can be unavailable depending on the type of selected threats):

—remove (i.e. to permanently delete) selected files.

—restore selected files from quarantine to the original location.

—apply an additional action to the selected files (available actions are specified in the drop-down list):

•Quarantine—put the selected files that contain threats to quarantine

•Cure—try to cure the threats

•Ignore—ignore the threats detected in selected files and to remove the threats from the list

Note that managing of threats detected on NSS volumes requires SpIDer Guard for NSS to be installed and started.

If in the settings of SpIDer Guard for NSS—which monitors NSS volumes—Quarantine is specified as an action that must be automatically applied to some threat type, the object containing a threat of this type will be placed to quarantine again on attempt to restore this object from quarantine to an NSS volume. For example, the default settings of this monitor move all incurable objects to quarantine. This is why, when any incurable object is restored from quarantine to an NSS volume, this object is automatically returned to quarantine.

You can also filter displayed threats based on a search query. To filter unnecessary threats out and display only those that correspond to the query, use the search box. The box is displayed on the right side of the toolbar and is marked with

. To filter the threat list, enter a word in the search box. All threats that do not have the entered word in their name or description, will be hidden (this filtering is not case-sensitive). To clear search results and display the unfiltered list, click

in the search box or erase the word.