About reports

Applies To: Forefront Client Security

Client Security provides many types of reports to help you monitor your organization's security status. Many of these reports come in both standard and history versions. The standard versions use 24-hour, 48-hour, and 72-hour time spans, whereas the history versions provide a more broadly configurable time span but do not contain data from the most recent day.

Client Security doesn't support custom reports or command-line operations that query for information and statistics.

The following table lists reports available on the reporting Web server. In addition, each of the summary reports is accessible from links on the dashboard. For more information, see Using dashboard summary reports.

Report type | Describes

Alerts History and Summary

Alerts reported during a configurable time span, including a breakdown of alerts reported per day during the time span. For this report, an alert is a MOM alert raised by a specific client computer during the time span. MOM may consolidate alerts from many computers into one alert, but in these reports, Client Security splits consolidated alerts into separate alerts.

Alert Detail and Detail History

A specific alert, including:

  • A description of the alert.

  • A trend chart for the alert's instances.

  • Computers that reported the alert.

Alert Instance Detail and History Detail

A specific instance of an alert, including:

  • A description of the alert.

  • Details about the computer reporting the event that triggered the alert.

  • The event record.

Computer Detail and Detail History

Specific client computers, including:

  • Fully qualified domain name, OUs, IP addresses, media access control (MAC) addresses, definition versions, and last malware scans.

  • Any malware detected on the computer during the report time span.

  • SSA results during the report time span.

    Note

    Rarely, under Security State Assessment Details, the Score column may contain No Score for an SSA scan, even though the scan contains results for individual checks. This occurs when the collection server did not receive from the client an event message indicating that the scan completed.

  • A list of Client Security events collected during the report time span.

Computers History and Summary

The number of managed computers requiring attention for various issues, during a configurable time span. These reports show data for all managed computers in the Client Security deployment, provided that the MOM agent is operating correctly. Inclusion of a computer in these reports is not dependent on whether the Client Security antimalware or SSA services are installed.

Connectivity Summary

How recently computers have contacted the Client Security collection server.

Deployment Summary

Status of deployment of policies, spyware definitions, virus definitions, and Client Security client engine.

Note

For the status of definition and engine deployments, Client Security generates this report with the assumption that the newest version reported by clients is the current version. If a user manually updates one of these components to a version newer than the one you have approved in WSUS, all other clients on this report appear to have out-of-date versions.

Deployment Version Status

Reporting on five Client Security components, as reflected in the following five reports:

  • Spyware Definitions Deployment Status

  • Virus Definitions Deployment Status

  • Antimalware Engine Deployment Status

  • Vulnerabilities Engine Deployment Status

  • Vulnerabilities Definitions Deployment Status

These reports provide information about the version of the applicable component on each managed computer. By default, the data are grouped by computer.

Malware Detail and Detail History

Specific malware detected during a configurable time span.

Malware History and Summary

All malware detected during a configurable time span.

Malware Instance Detail

A specific instance of malware.

Security State Assessment History and Summary

Vulnerabilities found during a configurable time span. The summary report presents the results of the most recent SSA scan. The historical report presents the most severe result for each possible vulnerability detected during the report time span.

Security Summary

The security state of the managed computers protected by Client Security, including the following:

  • Policy deployment status chart

  • Connectivity summary status chart

  • For the following areas, a summary of the current state and a trend chart for the past 30 days:

    • Computers reporting issues

    • Malware found

    • Security state assessment results

    • Alerts

Vulnerability Detail and Detail History

A specific vulnerability detected during a configurable time span.

Vulnerability Instance Detail

A specific instance of a vulnerability.

The following table lists reports accessible under Issues on the Client Security console. For more information, see Interpreting dashboard data.

| Report | Describes |
| --- | --- |
| Malware detected (Computers Having Malware Issues) | Computers on which Client Security found malware during the last 24, 48, or 72 hours. |
| Vulnerability detected (Computers Having Critical Vulnerability Issues) | Computers on which Client Security found critical vulnerabilities during the last 24, 48, or 72 hours. |
| Out-of-date policy detected (Computers Having Policy Deployment Issues) | Computers to which Client Security has failed to deploy policies during the last 24, 48, or 72 hours. |
| Alerts detected (Computers Having Alert Issues) | Computers for which an alert was issued during the last 24, 48, or 72 hours. |