Antivirus metrics
If the Antivirus Scanning plugin is activated, Antivirus Scanning runs in your instance to help protect it against virus infections from attachments.
The following metrics appear for the last 60 days of activity, and enable you to assess the effectiveness of the Antivirus Scanning functions.
Antivirus Events
Antivirus Events indicate the number of antivirus events in your instance, by date. To access the antivirus events, navigate to and select the Metrics tab. Color-coded graph lines represent the following types of antivirus events:
| Color | Description |
|---|---|
| Blue | Number of files quarantined by Antivirus Scanning in this instance for the indicated date. |
| Green | Number of infected files downloaded to the instance, and then quarantined for the indicated date. These files are primarily email attachments that contain a virus or rogue code. |
| Yellow | Number of quarantined files in the instance that were deleted for the indicated date. |
| Orange | Number of quarantined files in the instance that were restored for the indicated date. Note: After Antivirus Scanning runs and finds any false positives, you can restore a quarantined file and make it accessible in the instance. |
- To access the KPI Details page and view the analytics information for a specific date, click a colored line in the Antivirus Events graph. For example, click the blue graphics line to view analytics information for files quarantined for a specific date.
- To view the following breakdowns in the KPI Details page, click
, then click:
| Breakdown | Description |
|---|---|
| AppSec - Antivirus Event Source | Source of the antivirus event. On Upload: Occurred due to an upload of an infected file, usually an attachment. From Quarantine: Occurred due to the quarantine of an infected file, usually an attachment. On Download: Occurred due to a download of an infected file, usually an attachment. From Record: Occurred due to an infected record in a table. |
| AppSec - Antivirus Event Type | Type of antivirus event. Quarantined: Occurred due to the quarantine of a file, usually an attachment. Downloaded: Occurred due to a download of a file, usually an attachment. Restored: Occurred due to the restoration of a quarantined file. Deleted: Occurred due to the deletion of a quarantined file. |
| AppSec - Antivirus Uploader | Name of the logged-in user who uploaded the files that were the source of virus infections detected by the Antivirus Scanning application. |
Quarantined Files
Lists the infected files in the instance quarantined by Antivirus Scanning:
| Field | Description |
|---|---|
| File name | Name of the infected file. |
| Content type | Type of content that was infected in the file. For example, application/x-dosexec is an infected application or DOS executable file, while text/plain is an infected .txt file. |
| Table | Name of the table that contains the infected file. For example, incident appears for an incident file record. |
| Virus | Name of the file quarantined by Antivirus Scanning. |
| Detected | Date and time the infected file was detected. |
| Created By | Name of the user who quarantined the infected file. |
| Created | Date and time the quarantine file record was created. |
| Table sys ID | Table system identifier assigned to the quarantine file record. |
Note: You can also add Quarantined Files and Virus Types tiles to the Event ribbon. To learn more, see Monitor security events and Configure the security event ribbon.