Means for monitoring malware incidents with F-Secure software There are various malware monitoring opportunities available provided both by F-Secure and the operating system.
Means provided by F-Secure
- Remotely:
- Policy Manager Console
- Policy Manager Web Reporting
- Alert Forwarding
- Syslog forwarding (configured through Console > Server configuration > Syslog page)
- On host:
- Local User Interface
- Logfiles
- Logfile.log
- Application.evt
Means provided by third partie
- Active Directory - Computer Management / Application Event Log
- SNMP Solutions
Note: For AD alert management to work correctly, TCP/445 and 135 must be open on the workstations to and from the management server.
Protection status monitoring is possible through the Policy Manager Console's Outbreak Manager tab. Information presented there includes:
- Overall domain protection status
- Threat specific information (e.g. protection status against MYDOOM.F)
- Key host information (updated automatically):
- Connection Status
- Protection Status
- AV Update Delta - the time between the last definition update and the last successful connection to PM. This is critical if the status is connected and the update delta value is high.