Client Malware Risk Report
The Client Malware Risk report page is a security-related reporting page that can be used to monitor client malware risk activity.
To view the Client Malware Risk report page, select Web from the Product drop-down and choose Monitoring > Client Malware Risk from the Reports drop-down. For more information, see Using the Interactive Report Pages.
From the Client Malware Risk report page, a system administrator can see which of their users are encountering the most blocks or warnings. Given the information gathered from this page, the administrator can click on the user link to view what this user doing on the web that makes them run into so many blocks or warnings and setting off more detections than the rest of the users on the network.
Additionally, the Client Malware Risk page lists client IP addresses involved in frequent malware connections, as identified by the L4 Traffic Monitor (L4TM). A computer that connects frequently to malware sites may be infected with malware that is trying to connect to a central command and control server and should be disinfected.
The following table describes the information on the Client Malware Risk page.
|
Section |
Description |
|---|---|
|
Time Range (drop-down list) |
Choose the time range for your report. For more information, see the Choosing a Time Range for Reports. |
|
Web Proxy: Top Clients Monitored or Blocked |
You can view the top ten users that have encountered a malware risk, in graphical format. To customize the view of the chart, click |
|
L4 Traffic Monitor: Malware Connections Detected |
You can view the IP addresses of the ten computers in your organization that most frequently connect to malware sites, in graphical format. To customize the view of the chart, click This chart is the same as the “Top Client IPs” chart on the Layer 4 Traffic Monitor Page. |
|
Web Proxy: Client Malware Risk |
The Web Proxy: Client Malware Risk interactive table shows detailed information about particular clients that are displayed in the Web Proxy: Top Clients by Malware Risk section. You can click each user in this table to view the User Details page associated with that client. For information about that page, see the User Details Page (Web Reporting). You can click on any of the links in the table to view more granular details about individual users and what activity they are performing that is triggering the malware risk. |
|
L4 Traffic Monitor: Clients by Malware Risk |
The L4 Traffic Monitor: Clients by Malware Risk interactive table displays IP addresses of computers in your organization that frequently connect to malware sites. This table is the same as the “Client Source IPs” table on the Layer 4 Traffic Monitor Page. |
on the chart. For more information, see Tip | To customize your view of this report, see Working with Web Security Reports. |