Malware Incident detail
SECURITY Full Access or Team Access privileges in File Protection Manager
SECURITY Administrators
NOTE File Protection Malware Detection & Management is supported on all versions of File Protection Server and File Protection Desktop for Windows and Mac, but we recommend that you use the latest versions to enjoy the best possible user experience.
The File Protection Security Incident Detection & Management feature is designed to prevent users from downloading or restoring files affected by malware attacks, and to minimize the time it takes to revert to your last known-good backup set.
Each malware-infected file will generate a security incident. We strongly recommend that you resolve ALL incidents to help ensure the security of your team's devices and data.
Files that are suspected of being infected by malware are automatically quarantined in File Protection upon malware detection. The file (or the affected file version) will not be available for restore or download in the future unless it is released from quarantine in this interface. Only release suspicious files from quarantine if you are certain that the malware incident is unfounded.
IMPORTANT If a file designated for backup is infected with malware, it must be manually removed from the device from which it originated, as the File Protection service cannot delete files from your device.
About the Malware Incident detail page
This page provides all the information and management tools you need to handle any malware incidents detected by File Protection. You can review incident details, download the affected file, release the suspicious file from quarantine, generate a report, and track the incident through its lifecycle. The availability of some functions will depend on the current status of the incident.
This section, located at the top of the page, displays the following general information about the incident:
Area | Definition |
---|---|
Name and Status | The name of the incident, which consists of the incident type and a unique system-generated alphanumeric code. Also displays the current status of the incident. Possible statuses are: New, Open, and Closed. |
Affected File | The name and path of the file suspected of malware infection. If the incident status is New or Open, the file will have a Quarantined flag, as well as a Download button. |
Source | This area displays the name of the device being backed up, as well as the device owner and their email address. |
This section displays a timeline summarizing incident handling and information about the reason the incident was triggered. The areas displayed depend on the current status of the incident. All areas that can possibly be displayed are defined below:
Heading | Definition |
---|---|
Incident Event Timeline | |
File added to service | Information about the source, the user name and user ID associated with the affected file. |
New version added to service | Information about the source, the user name, and user ID associated with the update event. |
File quarantined | If the affected file is new, this section will simply name the affected file. If the incident originated with a new version of a file, this section will note that the file has been reverted to the last known good version and display the create date of that version. |
File downloaded | If the affected file was downloaded for inspection, this area will display the name of the user who downloaded it. |
Release file from quarantine | If the affected file is new, and was released from quarantine, this area will display the name of the user who performed the action. If the incident originated with a new version of a file, this section will note that the file was released from quarantine and reverted to the previously quarantined version and will display the name of the user who performed the action. |
Incident marked complete | If a user either marks the incident complete or releases the affected file from quarantine, this area will display their name. |
Virus that triggered Malware incident | This area displays the virus name and code, and the name of the virus scan engine. |
How to...
IMPORTANT The file was quarantined for a reason. Please do not download a quarantined file unless you are certain you can manage any associated security risks.
- Click the Download button.
- Click Download in the resulting popup window to confirm your action.
Releasing a file from quarantine will make it available for restores and downloads in the future.
The incident will also be automatically marked Complete in either case.
IMPORTANT Please make certain that the malware incident was unfounded before releasing a file from quarantine.
- Click the Release File From Quarantine button.
- Click Confirm in the resulting popup window to complete the process.
- Click the Mark Incident Complete button.
NOTE If there are additional incidents for the same device, you will be asked if you wish to complete all of them. Select the check box to do so.
- Click Complete in the resulting popup window to confirm your action.
- Click Report.
- Proceed as you normally would from the resulting print dialog window.