Manage Device


Manage Device offers detailed information about a particular device (after logging in). You can reach this page via the top-level My Devices menu by clicking the Manage device button of any of your listed devices. Alternatively, you can right-click the tray icon on the device in question and select Open portal in its context menu.

Manage Device focuses on a single device. You can start and stop scans, view quarantined files, restore files from ransomware attacks, share files with the Anti-Malware community and change the selection of drives to be included or excluded in your next scan.

There are 5 topics to choose from (each represented as a different tab on this page):

  • Overview (shows device's state & lets you start scans)
  • Quarantine (lists quarantined files on this device)
  • Vault (lists cloned (copied) files to allow recovery from ransomware attacks)
  • Community (lists files the community doesn't have)
  • Settings (lets you select which drives to scan & what directories to exclude)


Overview:

This tab shows the state of your device and lets you start and stop scans. Note: Manual scans are not required as Segira DataGuard actively monitors and protects your system from malware, including ransomware. All drives are automatically scanned when they are discovered the first time. USB sticks and other removable drives may collect malware while attached to other devices. When they are reconnected to this device, they will not be re-scanned automatically. But rest assured, malware won't be allowed to execute due to Segira's active protection. If you want to manually scan and look for malware on a removable drive after plugging it back into your computer, use the Scan now! button.

As indicated, the very first scan will start automatically right after installing Segira DataGuard. It will likely take several minutes or even an hour or longer, depending on the number and speed of the connected hard drives and the number of files on them. Subsequent scans will be much faster as we will scan only new or modified files. Unlike so many anti-malware products out there, Segira DataGuard scans your entire HD every time. Other products often scan only directories where malware is likely to reside, in order to claim quick scan speeds, with the tradeoff that they fail to examine the entire device. In contrast, we have developed a proprietary algorithm that allows us to re-scan all of your HDs every time at a speed that exceeds that of other products. Protecting your entire device is our highest priority.

When you click the Scan now! button or navigate to this page while a scan is in progress, the device avatar will show a progress circle along with the number of items scanned so far and also an ever changing file name representing the item being scanned at this moment. Since Larry isn't currently connected to the Segira cloud, starting a scan will produce the image seen here. The moment Larry does re-connect to the internet it will be instructed to initiate or continue an ongoing scan and you will see the progress here.
[Image: Overview]


Quarantine:

Clicking the Quarantine tab will display a list of quarantined or immobilized files on your device along with their (file) names, (directory) locations, threat names, categories and the risks these items pose to your device (if they were allowed to execute). The list is ordered and displayed from highest to lowest risk. Note: Segira DataGuard prevents these files from executing but they remain at the indicated location until they are deleted manually or programmatically.

Risks include:
High (red): Extreme caution is advised. This is a known, vicious threat to your device and possibly others on your (home) network. Delete/remove this file as soon as possible.
Medium (orange): Caution is advised. This is a known threat that may cause serious trouble on your device and possibly others on your (home) network. Delete/remove this file.
Low (yellow): This piece of malware may be more of an annoyance than a threat (like a PUA/PUP or Adware). In all other situations Segira may not yet have a full analysis or picture of this threat and we think something is fishy. While we don't want to ring the alarm bells yet, we also don't want to sweep this under the rug. As we get a clearer picture, the risk may be elevated, or we may reclassify the piece of software as harmless, in which case it will disappear from this list.

Category tells you what type of malware you are looking at, like PUA/PUP, Adware, Virus, Trojan, Worm, Keylogger, Ransomware, Exploit, Rootkit, Backdoor, Scareware and others.

Threat is the designation for a particular piece of malware. Threats can come in many (sometimes minute) variations. We will give all variants of the same family the same name. Most threats come in the form of an executable file.

File Path displays the directory we found a particular threat in.

File Name shows the name of the file.
[Image: Suspicious files]

Malware sometimes attempts to hide (see Rootkit). There is no hiding from Segira DataGuard, though. We read and interpret the raw data on a hard drive directly whenever possible. Naturally we also enumerate and analyze all ADSs on NTFS and UDFS drives. Examples of ADSs are visible above, i.e. the first two files with low risk: pacam_pentax_K100D_50R.dll:6y3mbqtrxn4.exe and pacam_pentax_K100D_50R.dll:photostudio6_retail_tbyb_all.exe. The second ':' in the name indicates the file is an ADS. The first stream is named 6y3mbqtrxn4.exe and belongs to the file pacam_pentax_K100D_50R.dll.
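Added example, not part of the Segira documentation and not Segira's own scanner: one way to list named streams yourself with built-in PowerShell cmdlets and flag those that start with the `MZ` signature of a PE executable. It goes through the file-system API rather than reading raw disk data as described above, and `$Root` is a placeholder path.

```powershell
# Added example: list named NTFS streams (ADSs) under a folder and flag those
# that begin with the "MZ" signature of a PE executable.
# Assumption: $Root is a placeholder; point it at the folder you want to audit.
param([string]$Root = 'C:\Users\Public')

function Get-StreamHead {
    param([string]$Path, [string]$Stream, [int]$Count = 2)
    # Windows PowerShell 5.1 reads bytes with -Encoding Byte;
    # PowerShell 6 and later use -AsByteStream instead.
    if ($PSVersionTable.PSVersion.Major -ge 6) {
        Get-Content -LiteralPath $Path -Stream $Stream -AsByteStream -TotalCount $Count
    } else {
        Get-Content -LiteralPath $Path -Stream $Stream -Encoding Byte -TotalCount $Count
    }
}

Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |   # skip the unnamed default stream
            ForEach-Object {
                # First two bytes of the stream; @() keeps a short read as an array.
                $head = @(Get-StreamHead -Path $file.FullName -Stream $_.Stream)
                [pscustomobject]@{
                    Name   = '{0}:{1}' -f $file.Name, $_.Stream   # file:stream notation
                    Folder = $file.DirectoryName
                    Length = $_.Length
                    IsPE   = ($head.Count -ge 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                }
            }
    } |
    Sort-Object IsPE -Descending |
    Format-Table -AutoSize
```

Streams named `Zone.Identifier` are the normal download marker Windows attaches to files and will show up with `IsPE` set to False.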


Vault:

Segira DataGuard monitors all running apps' file accesses and makes backups of files if deemed necessary. If a certain threshold is exceeded, Segira will block the app from making further changes to files, notify the user and request a manual classification. For details please refer to the Tray Application help. If you suspect that ransomware was indeed attacking your device, choose to block the app via the Segira window, then go to the Vault tab and restore files that were modified before you and Segira blocked the app from making further changes.

The example below shows that Chrome.exe (Google's Chrome browser) deleted a bunch of files that Segira felt did not belong to it and thus made backups of before letting Chrome modify them. Segira's determination of file ownership is an adaptive process that will improve over time. As such, it should become more efficient and unnecessary backups less frequent. Given that the files in the example are all located in a ...\Google\Chrome\... folder, it is likely that they do in fact belong to the Chrome browser app and that it wasn't strictly necessary for Segira to back them up.

: Lets you select & deselect the files you would like to restore. You can toggle all selections by clicking on the itself.

File Name: Shows the name of a backed up file.

File Path: Displays the directory of the file that was backed up.

Status: Hints at whether the file was deleted, modified or if it may not have been changed at all (yet it was still written to).

Hit the Restore selected files button to replace or restore files to their previous state (before the app in question altered them). A final warning will pop up, letting you know that if you proceed, this action cannot be undone.

Currently, backed up files will be restorable for up to 48 hours. After that Segira DataGuard will delete them so as not to fill up your disk unnecessarily.
[Image: Vault]


Community:

For everyone's benefit we would like to share selected files with the Anti-Malware community. Since files on your devices generally belong to you, we cannot simply share them with anyone else unless you give Segira permission to do so. The Community tab shows a list of files that are unknown to the community and lets you share them with the Anti-Malware community.

: Lets you select & deselect files you would like to share with the community. You can toggle all selections by clicking on the itself. By default all files are selected.

File Name: Shows the name of a particular file.

File Path: Displays the directory we found a file in.

When you click the Share selected files button, selected files will be uploaded to and analyzed by the community over time whereas all unselected files will be marked as excluded and will show up in a separate list on this very page (see image below). Note: Sharing files cannot be undone.
[Image: Community]

To demonstrate what this page may look like after clicking Share selected files, we first deselected the last two files and then clicked the button.

As you can see, the Files unknown to the community panel is gone from the tab as of right now. This may change over time, as new, unknown files are discovered and you refresh or navigate back to this page.

Initially deselected files (2 in our example) will now be visible in the Currently excluded files list. If at any point in time you would also like to share these files with the community, just repeat the procedure outlined above.

Lastly, the 3 selected files show up in the Files awaiting upload list. Once the files have been uploaded to the community, they won't appear in this list anymore.
[Image: Awaiting upload]


Settings:

This tab presents you with a list of available drives on your device. Selected drives will be included in the next device scan, which you can initiate from the overview tab (see above). By default we auto select all fixed, removable & RAM drives (i.e. built in HDs, USB sticks & thumb drives, SD-cards, external USB as well as FireWire & eSata drives). Ejectable media such as CD-Roms, DVD drives as well as floppy drives are not selected by default. Currently you cannot change this default behavior. You can however select or deselect each listed drive individually and Segira will remember your choice for all eternity. A drive has to be present for you to be able to (de)select it. Once you have (un)checked it you can remove the drive and plug it back in and it will remain (un)checked unless you manually change the selection again.

As long as your device is connected to the internet its drives will be updated here in real time. If you have the Drive Selections tab open and you insert or remove a thumb drive/USB stick, it will appear in or disappear from the list virtually immediately.

Drive: The drive letter assigned to this drive or an empty string, if no drive letter is assigned.

Label: The assigned name of this drive, if any.

Last scan: Indicates how long ago the last scan completed successfully.

Type: The drive's type, i.e. fixed, removable, CDRom & RAM. We currently don't support the scanning of network drives. If your network drive is a physical drive on a different computer, install Segira on that device and scan it from there. This column won't be visible on small screens.

Format: The type of file system used on the drive. This column won't be visible on small screens.

This example also shows 2 excluded directories. See the paragraph below on how to add them. Note: Files in C:\Excluded directory and F:\Development\Test Files won't be scanned or monitored and will always be allowed to execute and do whatever they want. So unless you have a really good reason to exclude certain directories, don't do it.
[Image: Drive selections]

By clicking the Add directory exclusion... button, you can exclude certain directories from being monitored and scanned. Note: If you are a developer and create executable files all day long, you should exclude your development directories or you may experience significant slowdowns of your build processes or debug environment, as every newly generated PE file will be uploaded to the Segira cloud for analysis before it can be executed or debugged.