Endpoint Protection

  • 1.  How to see quarantined file info?

    Posted Oct 14, 2016 04:31 PM

    I've had some users get viruses through Firefox recently. Firefox is up-to-date. OS and SEP (12.1.6_MP) are up-to-date. I think the viruses are from ads most likely. (I got an alert on my own machine and I clear out my caches and temp files often.)

    I'd like to know for sure if the files SEP is flagging are recent files or if they're something sitting in the Firefox cache/temp folder for a while. I've got a solution for clearing out temp files, but it probably won't get the most recent ones if a user is still logged in and it won't get anything that is downloaded as the user browses.

    If SEP has quarantined a file it identified as a virus, can I still see that file or at least the info on the file? I'm really only interested in the file date on these quarantined viruses though.



  • 2.  RE: How to see quarantined file info?

    Posted Oct 14, 2016 04:40 PM

    Check the Risk log and select the specific risk hit Details. This gives all the info on the detection that it has.



  • 3.  RE: How to see quarantined file info?

    Posted Oct 14, 2016 05:30 PM

    Hm.... Empty. On my machine here that I know had one a week or so ago.

    SEP must purge the quarantined files periodically, right? But the logs too...? Hm.

    There's also a "view quarantine" tab on the left on the main screen. Nothing there either.

    The only way to see logs is on the local machine though? I can't see anything more for logs on individual machines from the server side at all?

    Under "View Logs" I've got system log entries and scan log entries, but nothing at all under Risk Log entries....



  • 4.  RE: How to see quarantined file info?

    Posted Oct 14, 2016 05:34 PM

    Specific purge values can be set for both quarantine and client log retention.

    Have you checked the SEPM?