5.1 Antimalware Dashlets

When ZENworks Endpoint Security is active in the zone, the ZENworks Control Center displays four Antimalware dashlets in the Security Dashboard by default. These dashlets let you monitor malware scans, threats, and Antimalware Agent updates on devices that have the Antimalware Enforcement Policy enforced. You can also initiate scans and malware signature updates to those devices from specific dashlets. Clicking Security in the ZENworks Control Center navigation panel takes you directly to the Security Dashboard.

5.1.1 Device Last Malware Scan

This dashlet displays scan activities for devices in your zone to monitor malware threats. By default, it displays information about any type of scan that was performed on devices for a specified time period. You can change the selected time periods based on your requirements. When you mouse over the chart, the time period and the number of threats detected during that time period are displayed.

Modify the Data Displayed

To filter the data displayed by the dashlet, expand and modify any of the sections in the following panels and apply the changes:

  • Filter Tab: Enables you to view information about the last malware scan that was performed on the devices in the zone, based on filters such as the scan type, device folders, device groups, and operating system.

  • Time Filter Tab: Enables you to filter the data based on the following time periods:

    NOTE: Ensure that the time periods do not overlap with each other.

    Duration: Up to

    • Days: This includes the time elapsed from now until 0:00 hours of the selected day. For example, if you configure this time filter as Up to 1 Day at 5:30 PM on 16 April, all devices that were scanned from 12:00 AM, 15 April to 5:30 PM, 16 April are displayed.

    • Weeks: This includes the time elapsed from now until 0:00 hours of the selected week. For example, if you configure this time filter as Up to 1 Week at 5:30 PM on 16 April, all devices that contacted the server from 12:00 AM, 9 April to 5:30 PM, 16 April will be displayed.

    • Months: This includes the time elapsed from now until 0:00 hours of the selected month. For example, if you configure this time filter as Up to 1 Month at 5:30 PM on 16 April, all devices that contacted the server from 12:00 AM, 16 March to 5:30 PM, 16 April will be displayed.

    Additional information for Up to:

    • When you select the Up to filter, the From field is disabled.

    • If you configure the time filter in weeks or months, each week is calculated as 7 days and each month is calculated from the selected day to the same day in the following month.

    Duration: Between

    • Days: This includes the time elapsed between the two specified days. For example, if you specify the duration as 1 day to 7 days, and configure this time filter at 5:30 PM on 16 April, all devices that contacted the server from 12:00 AM, 9 April to 23:59 PM, 15 April will be displayed.

    • Weeks: This includes the time elapsed between two specified weeks. For example, if you specify the duration as 1 Week to 3 Weeks, and configure this time filter at 5:30 PM on 16 April, all devices that contacted the server from 12:00 AM, 26 March to 23:59 PM, 9 April will be displayed.

    • Months: This includes the time elapsed between two specified months. For example, if you specify the duration as 1 Month to 3 Months, and configure this time filter at 5:30 PM on 16 April, all devices that contacted the server from 12:00 AM, 16 January to 23:59 PM, 16 March will be displayed.

    Additional information for Between:

    • The From field should be less than the To field.

    • If you configure the time filter in weeks/months, then each week is calculated as 7 days and each month is calculated as the same day on which the time filter was configured in the selected month.

    Duration: More than

    • Days: This includes the time elapsed beyond the specified days. For example, if you configure the time filter as More than 30 days, at 5:30 PM on 16 April, all devices that contacted the server from 12:00 AM, 16 March and before will be displayed.

    • Weeks: This includes the time elapsed beyond the specified weeks. If you configure the time filter as More than 3 Weeks, at 5:30 PM on 16 April, all devices that contacted the server from 12:00 AM, 27 March and before will be displayed.

    • Months: This includes the time elapsed beyond the specified months. If you configure the time filter as More than 2 Months, at 5:30 PM on 16 April, all devices that contacted the server from 12:00 AM, 16 February and before will be displayed.

    Additional information for More than:

    • If you configure the time filter in weeks/months, then each week is calculated as 7 days and each month is calculated as the same day on which the time filter was configured in the selected month.
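
The Up to and Between windows described above can be modeled as follows, which is useful when checking which bucket a device's last-scan time should land in. This is an added example, not ZENworks code; the function names, the year 2024 in the sample date, and the clamping to month end when the same day does not exist in the target month are assumptions.

```python
import calendar
from datetime import date, datetime, time, timedelta


def shift_back(day: date, amount: int, unit: str) -> date:
    """Return the calendar date `amount` units before `day`."""
    if unit == "days":
        return day - timedelta(days=amount)
    if unit == "weeks":
        return day - timedelta(days=7 * amount)  # each week counts as 7 days
    if unit == "months":
        # Same day of the month, `amount` months earlier.
        year, month0 = divmod(day.year * 12 + day.month - 1 - amount, 12)
        # Assumption: clamp to the month's last day when the day does not exist.
        last = calendar.monthrange(year, month0 + 1)[1]
        return date(year, month0 + 1, min(day.day, last))
    raise ValueError(f"unknown unit: {unit!r}")


def up_to(now: datetime, amount: int, unit: str):
    """Window from 0:00 on the shifted day until now."""
    return datetime.combine(shift_back(now.date(), amount, unit), time.min), now


def between(now: datetime, frm: int, to: int, unit: str):
    """Window from 0:00 on the older boundary day to 23:59 on the newer one."""
    if not frm < to:
        raise ValueError("From must be less than To")
    start = datetime.combine(shift_back(now.date(), to, unit), time.min)
    end = datetime.combine(shift_back(now.date(), frm, unit), time(23, 59))
    return start, end


def in_window(last_scan: datetime, window) -> bool:
    """True if a device's last-scan timestamp falls inside the window."""
    start, end = window
    return start <= last_scan <= end


if __name__ == "__main__":
    now = datetime(2024, 4, 16, 17, 30)  # constructed: 5:30 PM on 16 April
    for label, win in [
        ("Up to 1 Week", up_to(now, 1, "weeks")),
        ("Between 1 and 3 Weeks", between(now, 1, 3, "weeks")),
        ("Between 1 and 3 Months", between(now, 1, 3, "months")),
    ]:
        print(f"{label}: {win[0]:%d %B %H:%M} to {win[1]:%d %B %H:%M}")
```
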

Execute Actions from the Devices Panel

The Devices panel displays the scan details based on the selected filters. It provides information about the device, the scan type and the time at which the scan was run. The following actions can be performed on the filtered content, within the Devices panel:

  • Scan Now: Performs the selected type of scan on the selected devices. The scan options include Full, Quick, Custom, and Network. If you select Custom or Network, you need to browse and select the relevant Custom or Network Scan policy.

    NOTE: Custom Scan and Network Scan policies in the selection list are not filtered for device assignments when you select a policy for a Custom or Network scan, so you need to ensure the selected policy is assigned to the device.

  • Update Malware Signature: Forces a Malware Signature update on the selected devices if the signature is outdated.

  • Update Antimalware Agent: Forces an Antimalware Agent update on the selected devices if the Antimalware Agent is outdated.

  • Refresh: Updates the scan-related information in the dashlet.

  • Show or Hide columns: Click to show or hide columns within the Devices panel.

  • Search: Filters the data displayed in the table by specifying the device name or the user name in the search field.

For general information about using the ZENworks Dashboard, see the Help at Home > Dashboard.

5.1.2 Device Malware Status

This dashlet displays the malware status for individual devices in the zone, for a selected detection period. The malware status options include:

  • Resolved: Displays the details of devices on which all the identified threats are resolved. The threats are resolved by placing them in quarantine, or by disinfecting or deleting them.

  • Unresolved: Displays the details of devices on which at least one threat has not yet been resolved, meaning the file was ignored or blocked. Blocked files only occur with On-Access scans, in which case all access to the file is denied by the Antimalware Agent.

  • No Threats: Displays the details of devices that do not have any threats.

  • Unknown: Displays the details of devices that have not contacted the server in the last three days. This value can be configured based on your requirement. For more information, see Security Dashboard Configuration.

By default, this dashlet displays the device malware status for the last 24 hours. However, you can change the filters to view the malware status for the last 7 or 30 days. When you hover over the chart, the malware status and the associated number of devices are displayed.

Modify the Data Displayed

To modify the data that is displayed, expand the sections in the filter panel, modify the required filters and apply the changes. The data can be filtered based on the device folders, device groups, device type, operating system, threat status, and detection period.

Execute Actions from the Devices Panel

The Devices panel displays the scan details based on the selected filters. It provides information about the device, the scan type and the time at which the scan was run. Actions that can be performed within the Devices panel include:

  • Scan Now: Performs the selected type of scan on the selected devices. The scan options include full, quick, custom and network. If you select custom or network, you need to browse and select the relevant custom or network scan policy.

  • Update Malware Signature: Forces a Malware Signature update on the selected devices if the signature is outdated.

  • Update Antimalware Agent: Forces an Antimalware Agent update on the selected devices if the Antimalware Agent is outdated.

  • Refresh: Updates the scan-related information in the dashlet.

  • Show or Hide columns: Click to show or hide columns within the Devices panel.

  • Search: Filters the data displayed in the table by specifying the device name or the user name in the search field.

For general information about using the ZENworks Dashboard, see the Help at Home > Dashboard.

5.1.3 Top Malware Threats

This dashlet displays the list of top malware threats in the zone. By default, the top malware threats are displayed based on the number of infected devices. You can modify the filters to display the top malware threats based on the highest number of devices with unresolved threats or the most recently detected malware threats. You can also filter the data based on a particular threat type. The threat types include Adware, Application, Archive Bomb, Dialer, Rootkit, Spyware and Virus. When you hover over each list item, the type of threat and the number of infected devices are displayed.

This dashlet can be customized to best fit your needs. You can also create multiple custom dashlets, if required. For example, you can create a dashlet for the Windows 10 devices in the zone with the highest number of threats, or you can create a dashlet to identify the top virus threat based on the number of devices impacted by it.

Modify the Data Displayed

To modify the data that is displayed, expand the sections in the filter panel, modify the required filters and apply the changes. The data can be filtered based on the device folders, device groups, device type, operating system, detection period and threat type.

Execute Actions from the Threats Panel

The Threats panel displays the threats based on the criteria defined in the filter panel. It provides information about the threat name, the number of devices impacted by the threat, the number of devices on which the threat is still unresolved and when the threat was first and last detected.

When you click a link in one of the applicable columns (Name, Total Devices, or Unresolved Devices), you are taken to a page that shows details for the threat on that row. Here you can view specific details about the threat and the devices it has infected. Links in the Name and Total Devices columns display threat details that include all infected devices regardless of the Threat Status. Links in the Unresolved Devices column display the threat details, but list only infected devices that have an “Unresolved” threat status.

Other actions that can be performed within the Threats panel include:

  • Show or Hide columns: Click to show or hide columns within the Threats panel.

  • Search: Filters the data displayed in the table by specifying the device name or the user name in the search field.

5.1.4 Device Malware Signature Version

This dashlet displays the list of Malware Signature versions that are installed on devices in the zone. The data is displayed by default in the form of a bar chart. You can apply the relevant filters to display the Malware Signature versions based on device folders, device groups, device types, operating systems and specific versions. When you hover over each list item, the type of threat and the number of infected devices are displayed.

If you want to view data for Antimalware Agent versions installed on devices, you can create a custom dashlet by selecting and applying the Antimalware Agent Version option under Primary or Secondary Grouping in the Group Data panel.

Modify the Data Displayed

To modify the data that is displayed, expand and modify any of the sections in the Filter panel or the Group Data panel and then apply your changes.

Filter Panel

The Filter panel enables you to view data based on device folders, device groups, device type, operating system, malware signature version and Antimalware Agent version.

Group Data Panel

To group the data and stack it in the chart, select the required options from the Primary Grouping and Secondary Grouping fields. When the Primary and Secondary data are grouped, the information is displayed as a stacked bar graph; otherwise, it is displayed as a bar graph.

Execute Actions from the Devices Panel

The Devices panel displays the devices that meet the criteria defined in the dashlet filter panel. You can also filter the list by searching for a particular device name in the search field.

For information about other actions and options you have in the Devices panel, see the following table:

  • Scan Now: Performs the selected type of scan on the selected devices. The scan options include Full, Quick, Custom, and Network. If you select Custom or Network, you need to browse and select the relevant Custom or Network Scan policy.

    NOTE: Custom Scan and Network Scan policies in the selection list are not filtered for device assignments when you select a policy for a Custom or Network scan, so you need to ensure the selected policy is assigned to the device.

  • Update Malware Signature: Forces a Malware Signature update on the selected devices if the signature is outdated.

  • Update Antimalware Agent: Forces an Antimalware Agent update on the selected devices if the Antimalware Agent is outdated.

  • Show or Hide columns: Click to show or hide columns within the Devices panel.

  • Search: Filters the data displayed in the table by specifying the device name or the user name in the search field.