Client Malware Risk Report
The Web > Reporting > Client Malware Risk page is a security-related reporting page that can be used to monitor client malware risk activity.
From the Client Malware Risk page, a system administrator can see which of their users are encountering the most blocks or warnings. Given the information gathered from this page, the administrator can click on the user link to view what this user doing on the web that makes them run into so many blocks or warnings and setting off more detections than the rest of the users on the network.
Additionally, the Client Malware Risk page lists client IP addresses involved in frequent malware connections, as identified by the L4 Traffic Monitor (L4TM). A computer that connects frequently to malware sites may be infected with malware that is trying to connect to a central command and control server and should be disinfected.
The following table describes the information on the Client Malware Risk page.
|
Section |
Description |
|---|---|
|
Time Range (drop-down list) |
A menu that allows you to choose the time range of the data contained in the report. For more information, see Choosing a Time Range for Reports. |
|
Web Proxy: Top Clients Monitored or Blocked |
This chart displays the top ten users that have encountered a malware risk. |
|
L4 Traffic Monitor: Malware Connections Detected |
This chart displays the IP addresses of the ten computers in your organization that most frequently connect to malware sites. This chart is the same as the “Top Client IPs” chart on the L4 Traffic Monitor Report. See that section for more information and chart options. |
|
Web Proxy: Client Malware Risk |
The Web Proxy: Client Malware Risk table shows detailed information about particular clients that are displayed in the Web Proxy: Top Clients by Malware Risk section. You can click each user in this table to view the User Details page associated with that client. For information about that page, see the User Details (Web Reporting). Clicking on any of the links in the table allows you to view more granular details about individual users and what activity they are performing that is triggering the malware risk. For example, clicking on the link in the “User ID / Client IP Address” column takes you to a User page for that user. |
|
L4 Traffic Monitor: Clients by Malware Risk |
This table displays IP addresses of computers in your organization that frequently connect to malware sites. This table is the same as the “Client Source IPs” table on the L4 Traffic Monitor Report. For information about working with this table, see that section. |
Tip | To customize your view of this report, see Working with Web Security Reports. |