From Group Management, you can view the scan history of endpoints and manage any detected threats. You can restore a file from quarantine if you know it is legitimate. For more information, see Restoring Files From Quarantine

            

You can also reclassify a file as Good (allowed to run) or Bad (auto-quarantined). For more information, see Setting Overrides for Files.

            

Viewing Scan Histories

            

You can view a scan history for endpoints from the Group Management panel, which helps you determine where threats were found.

            

To view the scan history:

            

  1. Click the Group Management tab.

  2. From the Groups panel on the left, select a group with the endpoints you want.

            

  1. From the Endpoints panel on the right, select one of the endpoints.


    The Scan History panel displays, displaying scan activity and any threats detected on the endpoint.


    Note: If the pathname where a threat was identified includes a drive letter, the letter is masked with a question mark. For example, you might see a pathname that looks similar to the following: ?:\users\user1\desktop.

            

  1. If needed, you can display or hide additional data about the endpoint and the scan history. Click a column header to display the drop-down menu, then select checkboxes to add or remove columns. For descriptions of the data in the columns, see Sorting Data in Tables and Reports.

            

Restoring Files From Quarantine

            

You can restore a file from quarantine from the Scan History panel.  The file is automatically returned to its original location on the endpoint.

            

Additionally you can restore a file from the All Threats Seen report; for more information, see Generating All Threats Seen Reports.

            

To restore a file:

            

  1. View the scan history for a particular endpoint, as described previously in this section.
             
  2. In the Scan History panel, locate the file by doing either of the following:
    • Click View in the Status column for the date when the threat was detected 
    • Click the View all threats seen on this endpoint button

            

  1. In the dialog that displays, select a file by selecting its checkbox.
     
  2. Click the Restore from Quarantine button.

    The system returns the file to its original location on the endpoint.

            

Setting Overrides for Files

            

You can set an override for a file from the Scan History panel. Additionally, you can set an override from the Overrides tab; for more information, see Applying Overrides From the Overrides Tab.

            

To set an override for a file:

            

  1. View the scan history for a particular endpoint, as described previously in this section.
               
  2. In the Scan History panel, locate the file by doing either of the following:
    • Click View in the Status column for the date when the threat was detected 
    • Click the View all threats seen on this endpoint button

            

  1. In the dialog that displays, select a file in the list.

  2. Click the Create override button.


    The Create override window displays.

            

  1. From the Determination drop-down menu, select one of the following:
    • Good — Always allow the file to run.
    • Bad — Always send the file to quarantine.

            

  1. You can apply this override globally or to an individual policy, as follows:
    • To apply the override to all policies, select the Apply the override globally checkbox.
    • To select an individual policy for the override, deselect the Apply the override globally checkbox. When the Policy field displays, from the drop-down menu, select a policy.