Malware Incident detail
SECURITY Full Access or Team Access privileges in Workplace Manager
NAVIGATION
NOTE Malware detection is supported on all versions of Workplace Server and Workplace Desktop for Windows and Mac, but we recommend that you use the most recent versions to enjoy the best possible user experience.
The Workplace Security Detection & Management feature is designed to contain malware attacks and to keep them from spreading.
Each malware-infected file will generate a security incident. In addition, the Workplace Security Incident & Management feature alerts you to malware attacks on both your project files and your backup files. As a result, you may see more than one incident for the same malware attack. We strongly recommend that you resolve ALL incidents to help ensure the security of your team's devices and data.
Files that are suspected of being infected by malware are automatically quarantined upon incident detection and made unavailable.
When the malware incident source is project-related:
If the affected file is new, it is automatically deleted upon malware detection. You can recover it if you find that the malware incident was unfounded. If the affected file is a new version, it is automatically reverted to the last clean version of the file. Again, you can return to the quarantined version if the malware incident was unfounded.
When the malware incident source is backup-related:
The affected file is automatically quarantined upon malware detection. The file (or the affected file version) will not be available for restore or download in the future unless it is released from quarantine in this interface. Only release suspicious files from quarantine if you are certain that the malware incident is unfounded.
IMPORTANT If a file designated for backup is infected with malware, it must be manually removed from the device from which it originated, as the Workplace service cannot delete files from your device.
About the Malware Incident detail page
This page provides all the information and management tools you need to handle any malware incidents detected by Workplace. You can review incident details, download the affected file, release the suspicious file from quarantine, generate a report, and track the incident through its lifecycle. The availability of some functions will depend on the current status of the incident.
This section, located at the top of the page, displays the following general information about the incident:
Area | Definition |
---|---|
Name and Status | The name of the incident, which is comprised of the incident type and a unique system-generated alphanumeric code. Also displays the current status of the incident. Possible statuses are: New, Open, and Closed. |
Affected File | The name and path of the file suspected of malware infection. If the incident status is New or Open, the file will have both Deleted and Quarantined flags, as well as a Download button. |
Source |
For malware incidents in projects, this area displays the method by which the quarantined file was added to a project, information about the source, and user name associated with the add event, if available. |
This section displays a timeline summarizing incident handling and information about the reason the incident was triggered. The areas displayed depend on the current status of the incident. All areas that can possibly be displayed are defined below:
Heading | Definition |
---|---|
Incident Event Timeline | |
File added to service |
Information about the source, the user name and user ID associated with the add event, if available, and the method by which the file was added. |
New version added to service | Information about the source, the user name and user ID associated with the update event, if available, and the method by which the file was updated. |
File quarantined | If the affected file is new, this section will simply name the affected file. If the incident originated with a new version of a file, this section will note that the file has been reverted to the last known good version and display the create date of that version. |
File downloaded | If the affected file was downloaded for inspection, this area will display the name of the user who downloaded it. |
Release file from quarantine | If the affected file is new, and was released from quarantine, this area will display the name of the user who performed the action. If the incident originated with a new version of a file, this section will note that the file was released from quarantine and reverted to the previously quarantined version and will display the name of the user who performed the action. |
Incident marked Complete | If a user either marks the incident complete or releases the affected file from quarantine, this area will display their name. |
Virus that triggered Malware incident | |
This area displays the virus name and code, and the name of the virus scan engine. |
How to...
IMPORTANT The file was quarantined for a reason. Please do not download a quarantined file unless you are certain you can manage any associated security risks.
- Click the Download button.
- Click Download in the resulting popup window to confirm your action.
For project files, releasing a file from quarantine will undelete the affected file if it was a new file, or revert the file to the quarantined version.
For backup files, releasing a file from quarantine will make it available for restores and downloads in the future.
The incident will also be automatically marked Complete in either case.
IMPORTANT Please make certain that the malware incident was unfounded before releasing a file from quarantine.
- Click the Release File From Quarantine button.
- Click Confirm in the resulting popup window to complete the process.
- Click the Mark Incident Complete button.
NOTE If there are additional incidents for the same device, you will be asked if you wish to complete all of them. Select the check box to do so.
- Click Complete in the resulting popup window confirm your action.
- Click Report.
- Proceed as your normally would from the resulting print dialog window.