Means for monitoring malware incidents with F-Secure software - F-Secure Community
<main> <article class="userContent">
<p>Malware incidents can be monitored through several means, provided both by F-Secure and by the operating system.</p>
<h3>Means provided by F-Secure</h3>
<div>
<ul><li>Remotely:
<ul><li>Policy Manager Console</li>
<li>Policy Manager Web Reporting</li>
<li>Alert Forwarding</li>
<li>Syslog forwarding (configured through Console &gt; Server configuration &gt; Syslog page)</li>
</ul></li>
<li>On host:
<ul><li>Local User Interface</li>
<li>Logfiles</li>
<li>Logfile.log</li>
<li>Application.evt</li>
</ul></li>
</ul></div>
<h3>Means provided by third parties</h3>
<div>
<ul><li>Active Directory - Computer Management / Application Event Log</li>
<li>SNMP Solutions</li>
</ul></div>
<p><strong>Note:</strong> For AD alert management to work correctly, TCP ports 445 and 135 must be open on the workstations, for traffic to and from the management server.</p>
<div>Protection status can be monitored through the Outbreak Manager tab of the Policy Manager Console. The information presented there includes:
<ul><li>Overall domain protection status</li>
<li>Threat-specific information (e.g. protection status against MYDOOM.F)</li>
<li>Key host information (updated automatically):
<ul><li>Connection Status</li>
<li>Protection Status</li>
<li>AV Update Delta - the time between the last definition update and the last successful connection to Policy Manager (PM). This is critical when the connection status is connected and the update delta is high.</li>
</ul></li>
</ul></div>
</article> </main>
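<p>The AV Update Delta rule described above, as an added example that is not part of the original article or of F-Secure's tooling. The CSV column names, status strings, 7-day threshold and the choice to flag hosts with no recorded definition update are all assumptions made for illustration.</p>

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export; column names and status strings are assumptions,
# not Policy Manager's actual export format.
SAMPLE = """host,connection_status,last_definition_update,last_pm_connection
ws-001,Connected,2024-03-10T08:00:00,2024-03-10T09:30:00
ws-002,Connected,2024-02-20T07:15:00,2024-03-10T09:31:00
ws-003,Disconnected,2024-01-05T12:00:00,2024-01-06T12:00:00
ws-004,Connected,,2024-03-10T09:29:00
"""

MAX_DELTA = timedelta(days=7)  # assumed threshold for "high"; tune per site


def update_delta(row):
    """Time between last definition update and last successful PM connection."""
    if not row["last_definition_update"]:
        return None  # no definition update on record for this host
    updated = datetime.fromisoformat(row["last_definition_update"])
    connected = datetime.fromisoformat(row["last_pm_connection"])
    return connected - updated


def triage(csv_text, max_delta=MAX_DELTA):
    """Return (host, delta) pairs that are connected but have a high delta."""
    critical = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["connection_status"].strip().lower() != "connected":
            continue  # the rule applies only to hosts that are connected
        delta = update_delta(row)
        # Assumption: a connected host with no update on record is also flagged.
        if delta is None or delta > max_delta:
            critical.append((row["host"], delta))
    # Hosts with no update on record first, then largest delta first.
    return sorted(
        critical,
        key=lambda c: (c[1] is not None, -(c[1] or timedelta()).total_seconds()),
    )


if __name__ == "__main__":
    for host, delta in triage(SAMPLE):
        print(host, "no definition update recorded" if delta is None else delta)
```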