> Security > Security activity > Security Activity overview

Security Activity overview

The new Security Activity tool provides a convenient single window where you can view status and activity information for several LANDESK Security Suite services running on your managed devices.

Security Activity lets you view status and activity information for:

  • LANDESK Antivirus
  • Host Intrusion Prevention (HIPS)
  • LANDESK Firewall
  • Device Control

You can also perform these tasks:

  • Configure security activity threshold settings
  • Purge security activity information

View security status and activity

The Security Activity tool lets you view information about LANDESK Security Suite services.

The security tools you can view are described in the following sections.

View LANDESK Antivirus activity and status information

If the LANDESK Antivirus scanner discovers any of the selected virus definitions on target devices, this information is reported to the core server. You can use any of the following methods to view detected security data after running a scan.

This window displays antivirus activity and status information by the following categories:

  • Infections by computer
  • Infections by virus
  • Quarantined infections by computer
  • Quarantined infections by virus
  • Trusted items by computer
  • Computers not recently reporting antivirus activity
  • Recent antivirus activity by computer
  • Recent antivirus activity by virus

Additionally, for a scanned device, right-click the device, select Security and Patch Information, and in the Type drop-down list select Antivirus. You can view:

  • Missing antivirus updates
  • Not detected
  • Antivirus updates not scanned
  • Installed antivirus updates
  • Clean/Repair history

About the Antivirus activity and status information dialog box

Use this dialog box to view detailed antivirus activity and status information for all of your managed devices with the LANDESK Antivirus agent. This scan result data is used to generate the LANDESK Antivirus reports available in the Reports tool.

To customize the scope and focus of data that is displayed, click Thresholds and change the time period thresholds for scanned device's recent antivirus activity and devices that haven't recently been scanned.

You can also right-click a device in this view to access its shortcut menu and directly perform available tasks.

This dialog box contains the following options:

  • Refresh: Updates the fields in the dialog box with the latest antivirus scan information from the database.
  • Thresholds: Opens the Threshold settings dialog box, where you can define the duration (in days) for both recent antivirus activity and "not recent" antivirus scanning. Thresholds determine the time period for which antivirus scan results are gathered and displayed for the two computer-specific display categories.
  • Infections by computer: Lists devices in the right pane on which virus infections were discovered during the last system scan. Select a device to see the specific viruses infecting the device.
  • Infections by virus: Lists viruses in the right pane that were discovered on managed devices during the last system scan. Select a virus definition to see the devices it has infected.
  • Computers not recently scanned for antivirus vulnerabilities: Lists all of the devices with the LANDESK Antivirus agent that have not been scanned for viruses within the time period specified on the Threshold settings dialog box. If you want to run an immediate antivirus scan, right-click the device, click LANDESK Antivirus scan now, select an antivirus setting, and then click OK.
  • Computers with recent antivirus activity: Lists all of the devices with the LANDESK Antivirus agent that have been scanned and have returned antivirus activity within the time period specified on the Threshold settings dialog box. Select a device to see its specific antivirus activities, including virus detection, removal, infected object quarantine, backup, and restoration.

View HIPS activity

If HIPS detects violations to its rules and certification rights, this information is reported to the core server. You can use the following methods to view detected HIPS activity.

For information about HIPS activity throughout your network, in the Security Activity tool, open the Host Intrusion Prevention group. The window displays HIPS activity by the following categories:

  • Preventions by computer
  • Preventions by application
  • Preventions by action

You can also view specific host intrusion activity at the bottom of the window, including the following details:

  • Action Date
  • Action
  • Description
  • Application
  • File version
  • File size
  • File date
  • Mode
  • MD5 hash

About the HIPS activity dialog box

Use this dialog box to view detailed HIPS activity for all of your managed devices with the LANDESK HIPS agent. This data is used to generate the LANDESK HIPS reports available in the Reports tool.

To customize the scope and focus of data that is displayed, click Thresholds and change the time period threshold for storing HIPS activity information in the core database, and for the number of items to display in the HIPS activity window lists.

You can also right-click a device in this view to access its shortcut menu and directly perform available tasks.

This dialog box contains the following options:

  • Refresh: Updates the fields in the dialog box with the latest HIPS information from the database.
  • Thresholds: Opens the Threshold settings dialog box, where you can define the duration (in days) for storing HIPS data in the core database and the number of items to display in the HIPS activity lists.
  • Purge: Completely and permanently removes HIPS activity data from both this display window and the core database.
  • Preventions by computer: Lists devices in the right pane on which HIPS violations were discovered. Select a device to see the specific violations.
  • Preventions by application: Lists applications in the right pane that were discovered on managed devices. Select an application to see the devices it was discovered on.
  • Preventions by action: Lists actions in the right pane that were taken on managed devices. Select an action to see the devices on which it was taken.

View LANDESK Firewall activity

The window displays Firewall activity by the following categories:

  • Preventions by computer
  • Preventions by application
  • Preventions by action

Views Device Control activity

The window displays Device Control activity by the following categories:

  • Blocked storage devices
  • Blocked CD/DVD device
  • Other blocked devices
  • Shadow copy files

 


Was this article useful?    

The topic was: