Searching events by processing results in EPP applications
To search events by processing results in EPP applications in design mode:
These are Kaspersky applications that are installed on workstations or servers within the enterprise IT infrastructure to protect these devices against viruses and other computer security threats. They are hereinafter also referred to as EPP.
Select the Threat Hunting section, Builder tab in the application web interface window.
This opens the event search form.
To search events by processing status:
In the search criteria drop-down lost in the Detect and processing result group, select ThreatStatus.
In the drop-down list of comparison operators, select one of the following options:
= (equals)
!= (does not equal)
In the drop-down list of event processing status, select one of the following options:
Object clean.
Object disinfected.
False positive.
Object added by user.
Object added to exclusions.
Object deleted.
Object quarantined.
Object not found.
Object rolled back.
Object cannot be processed.
Object not processed.
Processing terminated.
Unknown.
To search events by reasons why they were not processed:
In the search criteria drop-down lost in the Detect and processing result group, select UntreatedReason.
In the drop-down list of comparison operators, select one of the following options:
= (equals)
!= (does not equal)
In the drop-down list of reasons why the events were not processed, select one of the following options:
Object already processed.
Application is running in Report only mode.
Failed to back up object.
Failed to copy object.
Device not ready.
Object blocked.
No rights to perform action.
Object not curable.
Object not overwritable.
Object not found.
No free space on disk.
Processing canceled.
Processing postponed.
Processing task stopped.
Error reading data.
Reason unknown.
Object is critical system.
Data write error.
Data write not supported.
Object write-protected.
If you want to add a new condition, use the AND or OR logical operator and repeat the necessary actions for adding a condition.
If you want to add a group of conditions, click the Group button and repeat the actions necessary for adding conditions.
If you want to delete a group of conditions, click the Remove group button.
If you want to search events that occurred during a specific period, in the Any time drop-down list select one of the following event search periods:
Any time if you want the table to display events found as far back as the records go.
Last hour if you want the table to display events that were found during the last hour.
Last day if you want the table to display events found during the last day.
Custom range if you want the table to display events found during the period you specify.
If you have selected the Custom range display period for found events:
In the calendar that opens, specify the start and end dates of the event display range.
Click Apply.
The calendar closes.
Click Search.
The table of events that satisfy the search criteria is displayed.