This article explains the Endpoint Forensic Reports and cites examples of them.

To view Forensic Reports, please log in to your iSheriff Cloud Console and navigate to Reports → Forensic Reports as shown in the screenshot below.

The Endpoint Forensic Reports contain various reporting options as shown in the screenshot below.

  • Operating System: Provides the username and hostname/machine details of where an endpoint is installed, in addition to a localized date stamp of when the endpoint last reported itself to the iSheriff Cloud.

  • Blocked Programs: Provides information on blocked applications along with the username, hostname/machine, full path of the application, and the localized date stamp of when the application was blocked.

  • Infections Removed: Provides details of the removed infections along with the username, hostname/machine, name of the deleted infection, full path of the infected file, and the localized date stamp of the occurrence.



The default endpoint action upon detecting a threat is to quarantine the threat; however, an administrator can configure policy to delete the infection instead.

  • Infections Quarantined: Provides details of the quarantined infection along with the username, hostname/machine, full file path of the quarantined infection, full path of the infected file, and the localized date stamp of the occurrence.

  • Malware Detected: Provides details of the quarantined infections along with the username, hostname/machine, name of the detected malware, full path of the infected file, and the localized date stamp of the occurrence.

To launch a report, specify the desired report data type and an appropriate date scope. Specific information such as username, hostname, etc. can also be entered; these are optional parameters used to narrow down the result.

Please contact the iSheriff Technical Support Team for further assistance.