Searching events by processing results in EPP programs
To search events by processing results in EPP programs in design mode:
These are Kaspersky applications that are installed on workstations or servers within an enterprise IT infrastructure to protect these devices against viruses and other computer security threats. They are hereinafter also referred to as EPP.
Select the Threat Hunting section, Builder tab in the program web interface window.
This opens the event search form.
To search events by processing status:
In the search criteria drop-down lost in the Detect and processing result group, select ThreatStatus.
In the drop-down list of comparison operators, select one of the following options:
= (equals);
!= (does not equal).
In the drop-down list of event processing status, select one of the following options:
Object clean.
Object disinfected.
False positive.
Object added by user.
Object added to exclusions.
Object deleted.
Object quarantined.
Object not found.
Object rolled back.
Object cannot be processed.
Object not processed.
Processing terminated.
Unknown.
To search events by reasons why they were not processed:
In the search criteria drop-down lost in the Detect and processing result group, select UntreatedReason.
In the drop-down list of comparison operators, select one of the following options:
= (equals);
!= (does not equal).
In the drop-down list of reasons why the events were not processed, select one of the following options:
Object already processed.
Application runs in Report only mode.
Failed to backup object.
Failed to copy object.
Device not ready.
Object locked.
No rights to perform action.
Object not curable.
Object not overwritable.
Object not found.
Disk out of space.
Processing canceled.
Processing postponed.
Processing task stopped.
Data read error.
Reason unknown.
Object is critical system.
Data write error.
Data write not supported.
Object write-protected.
If you want to add a new condition, use the AND or OR logical operator and repeat the necessary actions for adding a condition.
If you want to add a group of conditions, click the Group button and repeat the actions necessary for adding conditions.
If you want to delete a group of conditions, click the Remove group button.
If you want to search events that occurred during a specific period, in the Any time drop-down list select one of the following event search periods:
Any time, if you want the table to display events found for any period of time.
Last hour, if you want the table to display events that were found during the last hour.
Last day, if you want the table to display events found during the last day.
Custom range, if you want the table to display events found during the period you specify.
If you have selected the Custom range display period for found events:
In the calendar that opens, specify the start and end dates of the event display range.
Click Apply.
The calendar closes.
Click Search.
The table of events that satisfy the search criteria is displayed.