Manage Device offers detailed information about a particular device (after
You can reach this page indirectly via the top level
menu and then by clicking the Manage device button of any of your listed devices.
Alternatively you can right-click the
) on the device in question itself and select Open portal in its context menu.
Manage Device focuses on a single device. You can start and stop scans,
view quarantined files, restore files from ransomware attacks, share files with the
Anti-Malware community and change the selection of drives to be included or excluded
in your next scan.
There are 5 topics to choose from (each represented as a different tab on this page):
- Overview (shows device's state & lets you start scans)
- Quarantine (lists quarantined files on this device)
- Vault (lists cloned (copied) files to allow recovery from ransomware attacks)
- Community (lists files the community doesn't have)
- Settings (lets you select which drives to scan & what directories to exclude)
This tab shows the state of your device and lets you start and stop scans. Note:
Manual scans are not required as Segira DataGuard actively monitors and protects
your system from malware, including ransomware. All drives are automatically scanned
when they are discovered the first time. USB sticks and other removable drives may
collect malware while attached to other devices. When they are reconnected to
this device, they will not be re-scanned automatically. But rest assured, malware won't
be allowed to execute due to Segira's active protection. If you want to manually scan
and look for malware on a removable drive after plugging it back into you computer, use
the Scan now! button.
As indicated, the very first scan will start automatically right after installing Segira
DataGuard. It will likely take several minutes or even an hour or longer, depending on
the number and speed of your hard drives that are connected and the number of files on
them. Consecutive scans will be much faster as we will scan only new or modified files.
Unlike so many anti-malware products out there, Segira DataGuard scans your entire
HD every time. Other products often scan only directories where malware is likely to
reside, in order to claim quick scan speeds, with the tradeoff that they fail to examine
the entire device. In contrast, we have developed a proprietary algorithm that allows us
to re-scan all of your HDs every time at a speed that exceeds that of other products.
Protecting your entire device is our highest priority.
When you click the Scan now! button or navigate to this page while
a scan is in progress, the device avatar will show a progress circle along
with the number of items scanned so far and also an ever changing file
name representing the item being scanned at this moment. Since Larry
isn't currently connected to the Segira cloud, starting a scan will produce
the image seen here. The moment Larry does re-connect to the internet
it will be instructed to initiate or continue an ongoing scan and you will
see the progress here.
Clicking the Quarantine tab will display a list of quarantined or immobilized
files on your device along with their (file) names, (directory) locations, threat
names, categories and the risks these items pose to your device (if they were allowed
to execute). The list is ordered and displayed from highest to lowest risk. Note:
Segira DataGuard prevents these files from executing but they remain at the
indicated location until they are deleted manually or programmatically.
• High (red):
Extreme caution is advised. This is a known, vicious threat to your device
and possibly others on your (home) network. Delete/remove this file as soon as possible.
• Medium (orange):
Caution is advised. This is a known threat that may cause serious trouble
on your device and possibly others on your (home) network. Delete/remove this file.
• Low (yellow):
This piece of malware may be more of an annoyance than a threat (like a
). In all other situations
Segira may not yet have a full analysis or picture of this threat and we think something
is phishy. While we don't want to ring the alarm bells yet we also don't want to sweep
this under the rug. As we get a clearer picture, the risk may be elevated, or we may
reclassify the piece of software as harmless, in which case it will disappear from this list.
tells you what type of malware you are looking at, like
is the designation for a particular piece of malware. Threats can
come in many (sometimes minute) variations. We will give all variants of the same
family the same name. Most threats come in the form of an executable file.
displays the directory we found a particular threat in.
shows the name of the file.
Malware sometimes attempts to hide (see Rootkit
There is no hiding from Segira DataGuard, though. We read and interpret the raw data
on a hard drive directly whenever possible. Naturally we also enumerate and
analyze all ADSs
on NTFS and UDFS drives. Examples of ADSs are visible above, i.e. the first two files with low risk:
The second ':' in the name indicates the file is an ADS. The first stream is named 6y3mbqtrxn4.exe
belongs to the file pacam_pentax_K100D_50R.dll
Segira DataGuard monitors all running apps' file accesses and makes backups of files
if deemed necessary. If a certain threshold is exceeded, Segira will block the app from
making further changes to files, notifies the user and request a manual classification.
For details please refer to the
help. If you suspect that ransomware was indeed attacking your device, choose to block
the app via the Segira window, then go to the Vault tab and restore files
that were modified before you and Segira blocked the app from making further changes.
The example below shows that Chrome.exe (the Google's Chrome browser) deleted a bunch
of files that Segira felt did not belong to it and thus made backups of before
letting Chrome modify them. Segira's determination of file ownership is an adaptive
process that will improve over time. As such, it should become more efficient and
unnecessary backups less frequent. Given that the files in the example are all located
in a ...\Google\Chrome\... folder, it is likely that they do in fact belong to the
Chrome browser app and that it wasn't strictly necessary for Segira to back them up.
: Lets you select &
deselect the files you would like to restore. You can toggle all selections
by clicking on the
File Name: Shows the name of a backed up file.
File Path: Displays the directory of the file that was backed up.
Status: Hints at whether the file was deleted, modified or if it may not
have been changed at all (yet it was still written to).
Hit the Restore selected files button to replace or restore files to
their previous state (before the app in question altered them). A final warning
will pop up, letting you know that if you proceed, this action cannot be undone.
Currently backed up files will be restorable for up to 48 hours. After that
Segira DataGuard will delete them as not to fill up you disk unnecessarily.
For everyone's benefit we would like to share selected files with the Anti-Malware
community. Since files on your devices generally belong to you, we cannot simply share
them with anyone else unless you give Segira permission to do so. The Community
tab shows a list of files that are unknown to and lets you share them with the
: Lets you select &
deselect files you would like to share with the community. You can toggle
all selections by clicking on the
itself. By default all files are selected.
File Name: Shows the name of a particular file.
File Path: Displays the directory we found a file in.
When you click the Share selected files button, selected files will be
uploaded to and analyzed by the community over time whereas all unselected
files will be marked as excluded and will show up in a separate list on this
very page (see image below).
Note: Sharing files cannot be undone.
To demonstrate what this page may look like after clicking Share selected files
we first deselected the last two files and then clicked the button.
As you can see, the Files unknown to the community panel is gone from
the tab as of right now. This may change over time, as new, unknown files are
discovered and you refresh or navigate back to this page.
Initially deselected files (2 in our example) will now be visible in the
Currently excluded files list. If at any point in time you would also
like to share these files with the community, just repeat the procedure
Lastly, the 3 selected files show up in the Files awaiting upload list.
Once the files have been uploaded to the community, they won't appear in this
This tab presents you with a list of available drives on your device. Selected drives
will be included in the next device scan, which you can initiate from the overview tab
(see above). By default we auto select all fixed, removable & RAM
drives (i.e. built in HDs, USB sticks & thumb drives, SD-cards, external USB as well as
FireWire & eSata drives). Ejectable media such as CD-Roms, DVD drives as well
as floppy drives are not selected by default. Currently you cannot change this default
behavior. You can however select or deselect each listed drive individually and Segira
will remember your choice for all eternity. A drive has to be present for
you to be able to (de)select it. Once you have (un)checked it you can remove the drive
and plug it back in and it will remain (un)checked unless you manually change the
As long as your device is connected to the internet its drives will be updated here in
real time. If you have the Drive Selections tab open and you insert or remove a thumb
drive/USB stick, it will appear in or disappear from the list virtually immediately.
Drive: The drive letter assigned to this drive or an empty
string, if no drive letter is assigned.
Label: The assigned name of this drive, if any.
Last scan: Indicates how long ago the last scan completed successfully.
Type: The drive's type, i.e. fixed, removable, CDRom
& RAM. We currently don't support the scanning of network drives.
If your network drive is a physical drive on a different computer, install Segira
on that device and scan it from there. This column won't be visible on small
Format: The type of file system used on the drive. This column won't be
visible on small screens.
This example also shows 2 exluded directories. See paragraph below on how to add
them. Note: Files in C:\Excluded directory and F:\Development\Test Files
won't be scanned or monitored and will always be allowed to execute and do whatever they
want. So unless you have a really good reason to exclude certain directories,
don't do it.
By clicking the Add directory exclusion...
button, you can exclude
certain directories from being monitored and scanned. Note:
If you are a
developer and create executable files all day long, you should exclude your development
directories or you may experience signifficant slowdowns of your build processes or
debug environment as every newly generated PE file will be uploaded to the Segira cloud
for analysis before they can be executed or debugged.