Kaspersky Security Center 13.1
13.1
English

Contents

Event selections

Information about events in the operation of Kaspersky Security Center and managed applications is saved both in the Administration Server database and in the Microsoft Windows system log. You can view information from the Administration Server database in the workspace of the Administration Server node, on the Events tab.

Information on the Events tab is represented as a list of event selections. Each selection includes events of a specific type only. For example, the "Device status is Critical" selection contains only records about changes of device statuses to "Critical". After application installation, the Events tab contains some standard event selections. You can create additional (custom) event selections or export event information to a file.

In this section

Viewing an event selection

Customizing an event selection

Creating an event selection

Exporting an event selection to a text file

Deleting events from a selection

Adding applications to exclusions by user requests
Page top
[Topic 3628]

Viewing an event selection

To view the event selection:

  1. In the console tree, select the node with the name of the required Administration Server.
  2. In the workspace of the node, select the Events tab.
  3. In the Event selections drop-down list, select the relevant event selection.

    If you want events from this selection to be continuously displayed in the workspace, click the star icon () next to the selection.

The workspace will display a list of events, stored on the Administration Server, of the selected type.

You can sort information in the list of events in ascending or descending order in any column.

See also

Scenario: Monitoring and reporting
Page top
[Topic 3629]

Customizing an event selection

To customize an event selection:

  1. In the console tree, select the node with the name of the required Administration Server.
  2. In the workspace of the node, select the Events tab.
  3. Open the relevant event selection on the Events tab.
  4. Click the Selection properties button.

In the event selection properties window that opens you can configure the event selection.

See also:

Scenario: Monitoring and reporting
Page top
[Topic 3632]

Creating an event selection

To create an event selection:

  1. In the console tree, select the node with the name of the required Administration Server.
  2. In the workspace of the node, select the Events tab.
  3. Click the Create a selection button.
  4. In the New event selection window that opens, enter the name of the new selection and click OK.

A selection with the name that you specified is created in the Event selections drop-down list.

By default, a created event selection contains all events stored on the Administration Server. To cause a selection to display only the events you want, you must customize the selection.

See also:

Scenario: Monitoring and reporting
Page top
[Topic 3631]

Exporting an event selection to a text file

To export an event selection to a text file:

  1. In the console tree, select the node with the name of the required Administration Server.
  2. In the workspace of the node, select the Events tab.
  3. Click the Import/Export button.
  4. In the drop-down list, select Export events to file.

The Events Export Wizard starts. Follow the instructions of the Wizard.

See also:

Scenario: Monitoring and reporting
Page top
[Topic 3633]

Deleting events from a selection

To delete events from a selection:

  1. In the console tree, select the node with the name of the relevant Administration Server.
  2. In the workspace of the node, select the Events tab.
  3. Select the events that you want to delete by using a mouse, the Shift key, or the Ctrl key.
  4. Delete the selected events in one of the following ways:
    • By selecting Delete in the context menu of any of the selected events.

      If you select the Delete All item from the context menu, all displayed events will be deleted from the selection, regardless of your choice of events to delete.

    • By clicking the Delete event link (if one event is selected) or the Delete events link (if several events are selected) in the information box for these events.

The selected events are deleted.

See also:

Scenario: Monitoring and reporting
Page top
[Topic 3634]

Adding applications to exclusions by user requests

When you receive user requests to unblock erroneously blocked applications, you can create an exclusion from the Adaptive Security rules for these applications. Consequently, the applications will no longer be blocked on users' devices. You can track the number of user requests on the Monitoring tab of Administration Server.

To add applications blocked by Kaspersky Endpoint Security to exclusions by user requests:

  1. In the console tree, select the node with the name of the required Administration Server.
  2. In the workspace of the node, select the Events tab.
  3. In the Event selections drop-down list, select User requests.
  4. Right-click the user request (or several user requests) containing applications that you want to add to exclusions, and then select Add exclusion.

    This starts the Add Exclusion Wizard. Follow its instructions.

The selected applications will be excluded from the Triggering of rules in Smart Training state list (under Repositories in the console tree) after the next synchronization of the client device with the Administration Server, and will no longer appear in the list.

See also:

Scenario: Monitoring and reporting
Page top
[Topic 173819]