Means for monitoring malware incidents with F-Secure software

Jali Posts: 1,769 F-Secure Employee

There are various malware monitoring opportunities available provided both by F-Secure and the operating system.

Means provided by F-Secure

  • Remotely:
    • Policy Manager Console
    • Policy Manager Web Reporting
    • Alert Forwarding
    • Syslog forwarding (configured through Console > Server configuration > Syslog page)
  • On host:
    • Local User Interface
    • Logfiles:
      • Logfile.log
      • Application.evt

Means provided by third parties

  • Active Directory - Computer Management / Application Event Log
  • SNMP Solutions

Note: For AD alert management to work correctly, TCP/445 and 135 must be open on the workstations to and from the management server.

Protection status monitoring is possible through the Policy Manager Console's Outbreak Manager tab. Information presented there includes:
  • Overall domain protection status
  • Threat specific information (e.g. protection status against MYDOOM.F)
  • Key host information (updated automatically):
    • Connection Status
    • Protection Status
    • AV Update Delta - the time between the last definition update and the last successful connection to PM. This is critical if the status is connected and the update delta value is high.
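An added example (not code from the post or from F-Secure) that applies the AV Update Delta rule above to a set of constructed host records: the delta is computed from the last definition update and the last successful Policy Manager connection, and a high delta is reported as critical only when the host is still connected. The record field names and the 72-hour threshold are assumptions.

```python
from datetime import datetime, timezone

# Constructed host records in the shape of the Outbreak Manager key host
# information: connection status, last definition update, last PM connection.
HOSTS = [
    {"host": "ws-01", "connected": True,
     "last_def_update": "2024-05-01T08:00:00Z", "last_pm_connection": "2024-05-01T08:30:00Z"},
    {"host": "ws-02", "connected": True,
     "last_def_update": "2024-04-20T08:00:00Z", "last_pm_connection": "2024-05-01T09:00:00Z"},
    {"host": "ws-03", "connected": False,
     "last_def_update": "2024-04-20T08:00:00Z", "last_pm_connection": "2024-04-25T09:00:00Z"},
    {"host": "ws-04", "connected": True,
     "last_def_update": None, "last_pm_connection": "2024-05-01T09:00:00Z"},
]


def _parse(ts):
    """Parse an ISO-8601 UTC timestamp; None stays None (value never reported)."""
    if ts is None:
        return None
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def update_delta(record):
    """Hours between the last definition update and the last successful PM
    connection (the AV Update Delta), or None when either value is unknown."""
    upd, conn = _parse(record["last_def_update"]), _parse(record["last_pm_connection"])
    if upd is None or conn is None:
        return None
    return (conn - upd).total_seconds() / 3600


def classify(record, max_delta_hours=72):
    """Apply the rule: a high delta on a host that is connected to PM is critical,
    because the host reaches the server but does not receive definitions."""
    delta = update_delta(record)
    if delta is None:
        return "unknown"  # no definition update recorded: needs a manual look
    if delta <= max_delta_hours:
        return "ok"
    return "critical" if record["connected"] else "stale-disconnected"


def report(hosts, max_delta_hours=72):
    """Map each host name to its protection-status verdict."""
    return {h["host"]: classify(h, max_delta_hours) for h in hosts}


if __name__ == "__main__":
    for host, status in report(HOSTS).items():
        print(host, status)
```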