This article explains the Endpoint Forensic Reports and gives examples of them.
To view Forensic Reports, log in to your iSheriff Cloud Console and navigate to Reports → Forensic Reports, as shown in the screenshot below.
The Endpoint Forensic Reports contain various reporting options as shown in the screenshot below.
- Operating System: Provides the username and hostname/machine details of where an endpoint is installed, along with a localized date stamp of when the endpoint last reported to the iSheriff Cloud.
- Blocked Programs: Provides information on blocked applications: the username, hostname/machine, full path of the application, and a localized date stamp of when the application was blocked.
- Infections Removed: Provides details of removed infections: the username, hostname/machine, name of the deleted infection, full path of the infected file, and a localized date stamp of the occurrence.
The default endpoint action upon detecting a threat is to quarantine the threat; however, an administrator can configure policy to delete the infection instead.