Antivirus metrics

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Antivirus Metrics

    The Antivirus Scanning plugin enhances your instance's protection against virus infections from attachments. It provides metrics for the last 60 days of activity, enabling you to evaluate the effectiveness of the antivirus functions.

    Show full answer Show less

    Key Features

    • Antivirus Events: Track the number of antivirus events by date through a color-coded graph. Key colors represent specific actions:
      • Blue: Files quarantined.
      • Green: Infected files downloaded and quarantined.
      • Yellow: Quarantined files deleted.
      • Orange: Quarantined files restored.
    • KPI Details Page: Access detailed analytics by clicking on the graph lines, providing breakdowns by event source and type.
    • Quarantined Files List: View details about infected files, including file name, content type, and the user responsible for the quarantine.

    Key Outcomes

    By monitoring antivirus metrics, you can proactively manage and assess security within your instance. You can restore files identified as false positives, ensuring smooth operations while maintaining security. Additionally, adding relevant tiles to the Event ribbon allows for quick access to vital information about quarantined files and virus types.

    If the Antivirus Scanning plugin is activated, Antivirus Scanning runs in your instance to help protect it against virus infections from attachments.

    The following metrics appear for the last 60 days of activity, and enable you to assess the effectiveness of the Antivirus Scanning functions.

    Antivirus Events

    Antivirus Events indicate the number of antivirus events in your instance, by date. To access the antivirus events, navigate to System Security > Instance Security Center and select the Metrics tab. Color coded graph lines represent the following types of antivirus events:
    Color Description
    Blue Number of files quarantined by Antivirus Scanning in this instance for the indicated date.
    Green Number of infected files downloaded to the instance, and then quarantined for the indicated date. These files are primarily email attachments that contain a virus or rouge code.
    Yellow Number of quarantined files in the instance that were deleted for the indicated date.
    Orange Number of quarantined files in the instance that were restored for the indicated date.
    Note:
    After Antivirus Scanning runs and finds any false positives, you can restore a quarantined file and make it accessible in the instance.
    • To access the KPI Details page and view the analytics information for a specific date, click a colored line in the Antivirus Events graph. For example, click the blue graphics line to view analytics information for files quarantined for a specific date.
    • To view the following breakdowns in the KPI Details page, click Breakdown icon, then click:
      Breakdown Description
      AppSec - Antivirus Event Source Source of the antivirus event.
      • On Upload: Occurred due to an upload of an infected file, usually an attachment.
      • From Quarantine: Occurred due to the quarantine of an infected file, usually an attachment.
      • On Download: Occurred due to a download of an infected file, usually an attachment.
      • From Record: Occurred due to an infected record in a table.
      AppSec - Antivirus Event Type Type of antivirus event.
      • Quarantined: Occurred due to the quarantine of a file, usually an attachment.
      • Downloaded: Occurred due to a download of a file, usually an attachment.
      • Restored: Occurred due to the restoration of a quarantined file.
      • Deleted: Occurred due to the deletion of a quarantined file.
      AppSec - Antivirus Uploader Name of the logged in user who uploaded the files that were the source of virus infections detected by the Antivirus Scanning application.

    Quarantined Files

    Lists the infected files in the instance quarantined by Antivirus Scanning:
    Field Description
    File name Name of the infected file.
    Content type Type of content that was infected in the file. For example, application/x-dosexec is an infected application or DOS executable file, while text/plain is an infected .txt file.
    Table Name of the table that contains the infected file. For example, incident appears for an incident file record.
    Virus Name of the file quarantined by Antivirus Scanning.
    Detected Date and time the infected file was detected.
    Created By Name of the user who quarantined the infected file.
    Created Date and time the quarantine file record was created.
    Table sys ID Table system identifier assigned to the quarantine file record.
    Note:
    You can also add Quarantined Files and Virus Types tiles to the Event ribbon. To learn more, see Monitor security events and Configure the security event ribbon.