Anti-malware events
For general best practices related to events, see About Deep Security event logging.
To see the anti-malware events captured by Deep Security, go to Events & Reports > Events > Anti-Malware Events.
Information displayed for anti-malware events
The following columns can be displayed on the Anti-Malware Events page. To select which columns to display, click Columns.
- Time: The time when the event took place on the computer.
- Computer: The computer on which this event was logged. If the computer has been removed, this entry reads Unknown Computer.
- Infected Files: The location and name of the infected file.
- Tags: Event tags associated with this event.
- Malware: The name of the malware that was found.
- Action Taken: The results of the actions specified in the malware scan configuration associated with the event.
- Cleaned: The message notifying that Deep Security successfully terminated processes or deleted registries, files, cookies, or shortcuts, depending on the type of malware.
- Clean Failed: The message notifying that malware could not be cleaned for a variety of possible reasons. If the clean action (which is only available for a limited subset of viruses) fails, the secondary action is quarantine.
- Deleted: The message notifying that an infected file was deleted.
- Delete Failed: The message notifying that an infected file could not be deleted for a variety of possible reasons. For example, the file is locked by another application, is on a CD, or is in use. If possible, Deep Security will delete the infected file once it is released. Even if the delete action fails, any attempt by the system or the user to interact with the file or execute it will be denied during the real-time scan.
- Quarantined: The message notifying that an infected file was moved to the identified files folder.
- Quarantine Failed: The message notifying that an infected file could not be quarantined for a variety of possible reasons. For example, the file is locked by another application, is on a CD, or is in use. If possible, Deep Security will quarantine the infected file once it is released. It is also possible that the maximum disk space used to store identified files (specified on the Policy or Computer Editor > Anti-Malware > Advanced tab) has been exceeded. Even if the quarantine action fails, any attempt by the system or the user to interact with the file or execute it will be denied during the real-time scan.
- Access Denied: The message notifying that Deep Security has prevented the infected file from being accessed without removing the file from the system.
- Passed: The message notifying that Deep Security did not take any action but logged the detection of the malware.
- Scan Type: The type of scan that found the malware (real-time, scheduled, or manual).
- Event Origin: Indicates from which part of the Deep Security system the event originated.
- Reason: The malware scan configuration that was in effect when the malware was detected.
- Major Virus Type: The type of malware detected. The possible values are Joke, Trojan, Virus, Test, Spyware, Packer, Generic, and so on. For information on these types of malware, see the anti-malware event details or see About Anti-Malware
- Targets: The file, process, or registry key (if any) that the malware was trying to affect. If the malware was trying to affect more than one, this field would contain the value Multiple.
- Target Type: The type of system resource that this malware was trying to affect, such as the file system, a process, or Windows registry.
- Container ID: ID of the Docker container where the malware was found.
- Container Image Name: The image name of the Docker container where the malware was found.
- Container Name: The name of the Docker container where the malware was found.
- File MD5: The MD5 hash of the file.
List of anti-malware events
The following table provides a list of all available anti-malware events:
| ID | Severity | Event |
| 9001 | Info | Anti-Malware Scan Started |
| 9002 | Info | Anti-Malware Scan Completed |
| 9003 | Info | Anti-Malware Scan Terminated Abnormally |
| 9004 | Info | Anti-Malware Scan Paused |
| 9005 | Info | Anti-Malware Scan Resumed |
| 9006 | Info | Anti-Malware Scan Cancelled |
| 9007 | Warning | Anti-Malware Scan Cancel Failed |
| 9008 | Warning | Anti-Malware Scan Start Failed |
| 9009 | Warning | Anti-Malware Scan Stalled |
| 9010 | Error | File cannot be analyzed or quarantined (VM maximum disk space used to store identified files exceeded) |
| 9011 | Error | Maximum disk space used for storing identified files exceeded. Older identified files might be purged or newly-detected files might not be analyzed or quarantined. |
| 9012 | Warning | Smart Protection Server Disconnected for Smart Scan |
| 9013 | Info | Smart Protection Server Connected for Smart Scan |
| 9014 | Warning | Computer reboot is required for Anti-Malware protection |
| 9016 | Info | Anti-Malware Component Update Successful |
| 9017 | Error | Anti-Malware Component Update Failed |
| 9018 | Error | Files could not be scanned for malware |
| 9019 | Error | Directory could not be scanned for malware |