Manage Device


Manage Device offers detailed information about a particular device (after logging in). You can reach this page indirectly via the top level My Devices menu and then by clicking the Manage device button of any of your listed devices. Alternatively you can click on the tray icon on the device in question itself and select Open portal in its context menu.

Once you have seen a device (panel) on My Devices, this page will look very familiar as it will show the same header and avatar for any given device. Manage Device focuses on a single device. It lets you start and stop scans, reveals details about suspicious or malicious files, and lets you upload files that require a more in-depth analysis. You also have the opportunity to change the selection of drives to be included or excluded in your next scan.

There are 4 tabs & topics to choose from:

For the examples seen below we use the same 3 devices as seen in the My Devices help: Larry, Curly & Moe.


Dashboard:

The dashboard summarizes the overall state of your device and lets you start and stop scans for malware. Beware: The Segira client is currently a passive anti-malware scanner only. This means it does not protect you from downloading or executing malware on your system. We are working on adding this feature to our next version. For now you have to manually initiate a scan by clicking the Scan now! button when you want your device to be re-analyzed. The first scan will start automatically right after installing the Segira client and may likely take several minutes or even an hour or longer, depending on the number and speed of hard drives connected and the number of files on them. Consecutive scans will be much faster as we will scan only new or modified files. Unlike so many anti-malware products out there, we scan your entire HD every time. Other products often scan only directories where malware is likely to reside, in order to claim quick scan speeds, with the tradeoff that they fail to examine the entire device. In contrast, we have developed a proprietary algorithm that allows us to re-scan all of your HDs every time at a speed that likely beats that of other anti-malware products. Protecting your entire device is our highest priority.

When you click the Scan now! button or navigate to this page while a scan is in progress, the device avatar will show a progress bar along with the number of items scanned so far and also an ever changing file name representing the item being scanned at this moment. Since Larry isn't currently connected to the Segira cloud, starting a scan will produce the image seen here. The moment Larry does re-connect to the internet it will be instructed to initiate or continue an ongoing device scan and you will see the progress on the dashboard.
Device dashboard


Known Malware:

Clicking the Known Malware tab will display a list of malware items on your device along with their (file) names, (directory) locations, threat names, categories and the risks these items may pose to your device. The list is ordered and displayed from highest to lowest risk. We calculate the risk based on several factors, including the category and how certain we are about the classification.

Risks include:
High (red): Extreme caution is advised. This is a known, vicious threat to your device and possibly others on your home network. Delete/remove this file as soon as possible.
Medium (orange): Caution is advised. This is a known threat that may cause serious trouble on your device and possibly others on your home network. Delete/remove this file.
Low (yellow): This piece of malware may be more of an annoyance than a threat (like a PUA/PUP or Adware). In all other situations Segira may not yet have a full analysis or picture of this threat and we think something is phishy. While we don't want to ring the alarm bells yet we also don't want to sweep this under the rug. As we get a clearer picture, the risk may be elevated, or we may reclassify the piece of software as harmless, in which case it will disappear from your list.

Category tells you what type of malware you are dealing with, like PUA/PUP, Adware, Virus, Trojan, Worm, Keylogger, Ransomware, Exploit, Rootkit, Backdoor, Scareware and others.

Threat is the designation for a particular piece of malware. Threats can come in many (sometimes minute) variations. We will give those variants the same name for easier identification. Most threats come in the form of a file.

File Path displays the directory we found a particular threat in.

File Name shows the name of the file.
Suspicious files

Malware sometimes attempts to hide (see Rootkit). No hiding when Segira is installed, though. We read and interpret the raw data on a hard drive directly whenever possible. Naturally we also enumerate and analyze all ADSs on NTFS drives. Examples of ADSs are visible above, i.e. the first two files with low risk: pacam_pentax_K100D_50R.dll:6y3mbqtrxn4.exe and pacam_pentax_K100D_50R.dll:photostudio6_retail_tbyb_all.exe. The ':' indicates the file is an ADS. The first stream is named 6y3mbqtrxn4.exe and belongs to the file pacam_pentax_K100D_50R.dll.


Attention Required:

Segira was not able to easily or quickly classify these files on your device and further analysis is required. For security reasons Segira requires all in depths analyses to be performed in the cloud. These analyses necessitate running the code on physical systems or in virtualized environments to obtain the most reliable and accurate classification results while keeping your device protected. Uploading 3rd-party software for Segira or other companies to analyze may breach the agreement you accepted when installing the software/files in question. As Segira cannot know about these agreements, we have to ask you for permission to upload these files before they can be analyzed in the cloud. This may seem like a nuisance but should happen rather rarely. If uploading a file might save you from 'catching a virus', don't you think it is worth a button click every now and then?

: Lets you select & deselect the files you would like to upload for closer inspection. You can toggle all selections by clicking on the itself.

File Name: Shows the name of a file that requires your attention.

File Path: Displays the directory we found an unknown file in.

By default all files will be selected. If you do not want particular files to be uploaded & analyzed, just deselect them.

Hit the Allow upload of selected files button. All unselected files will be marked as upload denied after clicking this button. These files will not be uploaded nor shared unless you decide to do so at a later point in time. These files will also stop counting toward the set of attention required files while they will continue showing up in a separate (upload denied) list on this very page (see image below).
Attention required

To demonstrate what this page may look like after clicking Allow upload of selected files, we first deselected the last two files and then clicked the upload button.

As you can see, the Attention Required panel is gone from the tab as of right now. This may change in subsequent scans if new, unknown files are found.

Instead, the 3 previously selected files show up in the Files whose upload or analysis are pending list. In addition, 3 is also the number displayed in the Attention Required tab's title. This number will automatically decrease as files are uploaded and analyzed (which usually takes a couple of minutes but may take much longer depending on your upload speed and also the current load on the analysis environment) while the Files whose upload or analysis are pending list will not update automatically, although you will be notified when it is out of date. You can manually refresh the list by refreshing the page. If some of the uploaded files turn out to be suspicious or malicious, the count on the Known Malware tab will increase accordingly. Again the list of suspicious files will not be updated automatically if you have the Attention Required tab open while the classification of a file on your device actively changes but you will be notified when it is out of date.

Lastly, all initially deselected files (2 in our example) will now be visible in the Files previously denied to be uploaded list. If at any point in time you would also like to have these files analyzed, just repeat the procedure outlined above.
Upload pending


Drive Selections:

This tab presents you with a list of available drives on your device. Selected drives will be included in the next device scan, which you can initiate from the dashboard tab (see above). By default we auto select all fixed, removable & RAM drives (i.e. built in HDs, USB sticks & thumb drives, SD-cards, external USB as well as FireWire & eSata drives). Ejectable media such as CD-Roms, DVD drives as well as floppy drives are not selected by default. Currently you cannot change this default behavior. We are working on changing this, though. You can however select or deselect each listed drive individually and Segira will remember your choice for that drive for all eternity. A drive has to be present for you to be able to (de)select it. Once you have (un)checked it you can remove the drive and plug it back in and it will remain (un)checked unless you manually change the selection again.

As long as your device is connected to the internet its drives will be updated here in real time. If you have the Drive Selections tab open and you insert or remove a thumb drive, it will appear in or disappear from the list virtually immediately.

Drive: The drive letter assigned to this drive. Alternatively an empty string is shown, if no drive letter is assigned.

Label: The assigned designation of this drive, if any.

Type: The drive's type, i.e. fixed, removable, CDRom & RAM. We currently don't support the scanning of real network drives. If your network drive is a physical drive on a different computer, install Segira on that device and scan it from there. This column will be hidden on very small screens.

Format: The type of file system used on the drive. This column will be hidden on very small screens.

Last scan: Indicates how long ago the last scan completed successfully.

Drive selections