BCX Security Information

From BCX Media Wiki
Revision as of 14:27, 10 July 2020 by DavidB (talk | contribs) (Created page with " The BCX Manager is able to alert you to events triggered on stations protected by SCEP, Defender or Sophos antivirus software. The Security Information Tab gives you global...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


The BCX Manager is able to alert you to events triggered on stations protected by SCEP, Defender or Sophos antivirus software.

The Security Information Tab gives you global visibility of your antivirus estate on both stations and servers, and from here, you can view events, acknowledge detections, initiate scans and update definitions.


Acknowledge Detected Threats

This section of the guide will take you through Threat Management.

If a threat has been reported by a station, on opening BCX Manager it will take you straight to the detected event in Security Information. If BCX Manager is already open, it will display a warning in the status bar, which if clicked also displays the detected event.

bcx security information warning.png Image showing sec inf tab with warning


Clicking on the event displays an overview of the threat.


bcx security information threat overview.png Image showing event overview tab


The Events tab allows you to investigate both the threat, and the action taken by the stations virus protection.


bcx security information threat events.png Image showing events tab


Click on each to review the information provided. First the threat.


bcx security information threat event details.png Image showing event details


Then the action taken.


bcx security information threat event action.png Image showing event actions


Once happy that the threat has been resolved, you would select both the threat and action taken events, and acknowledge them.


bcx security information threat acknowledge.png Image showing acknowledging event


The AV Information should then revert to healthy status.


bcx security information no threats.png Image showing Sec inf no threats


Filtering Information

This section of the guide will take you through displaying the available data using various views/filters.

We will start by looking at the "Quick View Tools" Both options available here allow you to view detections in greater detail, and acknowledge threats.


bcx security information quick view.png Image showing Sec inf quick view highlighted


Selecting "View All Unacknowledged Detected Threats" will display a listing of outstanding threats to follow up on.


File:bcx security information quick view unacknowledged.png Image showing quick view unacknowledged


The "View All Detected Threat History" will display all detected threats acknowledged or not


File:bcx security information detected history.png Image showing quick view detected history


We will now look at the available "Filters".

The "Choose Filter" drop down provides access to a set of pre-defined set of filters you can apply to the collected data.


bcx security information filters.png Image showing sec inf filters


You can also select "Advanced Filters" to display the "Filter Editor" for defining your own filters.


bcx security information adv filters.png Image showing sec inf adv filters


From within a stations Events tab, You can select from the Filter Events dropdown to specify the displayed data.


bcx security information station events filter.png Image showing station events filters


AV Tasks

From Security Information, choose a station and either right click to display available options, or choose one from the menus shown in the interface. Basically, the task you choose is run remotely on the selected station.


bcx security information tasks.png Image showing sec inf with tasks highlighted


The "Task Options" available are as follows:

Sync Events with Server - This collects and adds any new events from the selected client

Acknowledge Detected - Becomes available when a detection event is selected, and allows you to acknowledge it.

Quick/Full/Custom Scan - Provides the facility to initiate the chosen scan type on the selected station.

Definition Update - Requests the station to perform an AV definition update.

Remove Computer - Removes the selected station from the AV Information interface.


Client Installation For Servers

Stations with BCX Client will automatically have AV Information collected.

For Servers etc. that don’t have the BCX Client, use the AV Reporting Services Tab to install the AV reporting client.

Click Push MSI to begin a client install. (The Target device will need .NET4.0 pre-installed).


bcx settings av reporting services.png Image showing settings av reporting services


In the resulting interface, either enter the desired station name, or browse for the required server.


bcx settings av reporting services install.png Image showing av install dialogue


Click Push BCX AV Reporting


File:bcx settings av reporting services install push.png Image showing av install dialogue highlight push


After confirming your choice, wait for the installation to complete and press Enter when prompted.


bcx settings av reporting services install complete.png Image showing push complete window


The new deployment will appear in the AV Reporting Services tab, and will also be added to the Security Information Tab in BCX Manager.


bcx settings av reporting services installed.png Image showing av rep services populated


AV Settings

To set up the AV feature in BCX go to File – Settings – AV Information Tab. From here select and adjust the settings as required.


bcx settings av settings.png Image showing av settings


Enable AV information features – Tick to enable AV Information tab in BCX Manager (Default), adjust refresh interval and retention period as required. Untick to disable.

Automatically create AV computer record for all stations - Tick to enable (Default), causes a record to be created for all stations existing in the Station Information tab, with or without an AV installation. Untick to disable.

On detected threat, go to AV Information on manager startup – Tick to enable (Default), forces the BCX Manager on startup, to open at the AV Information tab if a threat has been detected (or threats have not been acknowledged). Untick to disable.

Disable warning not scanned for over 2 weeks – Tick to enable, will not flag stations that have not been scanned for 2 weeks or more. Untick to disable (Default) and have stations not scanned present warnings.


Return to Contents page