Manage Device offers detailed information about a particular device (after
You can reach this page indirectly via the top level
menu and then by clicking the Manage device button of any of your listed devices.
Alternatively you can click on the
on the device in question itself and select Open portal in its context menu.
Once you have seen a device (panel) on
this page will look very familiar as it will show the same header and avatar for any
given device. Manage Device focuses on a single device. It lets you start and stop
scans, reveals details about suspicious or malicious files, and lets you upload
files that require a more in-depth analysis. You also have the opportunity to change
the selection of drives to be included or excluded in your next scan.
There are 5 tabs & topics to choose from:
- Scan (shows device's state & lets you start scans)
- Quarantine (lists quarantined, suspicious & malicious files on this device)
- Vault (lists cloned files to allow recovery from ransomware attacks)
- Community (lists files the community doesn't have)
- Settings (lets you select which drives to scan & what directories to exclude)
For the examples seen below we use the same 3 devices as seen in the
My Devices help:
Larry, Curly & Moe.
This tab summarizes the overall state of your device and lets you start
and stop scans for malware. Beware: The Segira client is currently a
passive anti-malware scanner only. This means it does not protect you from
downloading or executing malware on your system. We are working on adding this
feature to our next version. For now you have to manually initiate a scan by
clicking the Scan now! button when you want your device to be re-analyzed.
The first scan will start automatically right after installing the Segira client
and may likely take several minutes or even an hour or longer, depending on the
number and speed of hard drives connected and the number of files on them.
Consecutive scans will be much faster as we will scan only new or modified files.
Unlike so many anti-malware products out there, we scan your entire HD every time.
Other products often scan only directories where malware is likely to reside, in
order to claim quick scan speeds, with the tradeoff that they fail to examine the
entire device. In contrast, we have developed a proprietary algorithm that allows
us to re-scan all of your HDs every time at a speed that likely beats that of other
anti-malware products. Protecting your entire device is our highest priority.
When you click the Scan now! button or navigate to this page while
a scan is in progress, the device avatar will show a progress bar along
with the number of items scanned so far and also an ever changing file
name representing the item being scanned at this moment. Since Larry
isn't currently connected to the Segira cloud, starting a scan will produce
the image seen here. The moment Larry does re-connect to the internet
it will be instructed to initiate or continue an ongoing device scan and you
will see the progress on the dashboard.
Clicking the Quarantine tab will display a list of quarantined or immobilized
malware on your device along with their (file) names, (directory) locations, threat
names, categories and the risks these items may pose to your device. The list is ordered
and displayed from highest to lowest risk. We calculate the risk based on several factors,
including the category and how certain we are about the classification. Segira Anti-Malware
prevents these files from executing.
• High (red):
Extreme caution is advised. This is a known, vicious threat to your device
and possibly others on your home network. Delete/remove this file as soon as possible.
• Medium (orange):
Caution is advised. This is a known threat that may cause serious trouble
on your device and possibly others on your home network. Delete/remove this file.
• Low (yellow):
This piece of malware may be more of an annoyance than a threat (like a
). In all other situations
Segira may not yet have a full analysis or picture of this threat and we think something
is phishy. While we don't want to ring the alarm bells yet we also don't want to sweep
this under the rug. As we get a clearer picture, the risk may be elevated, or we may
reclassify the piece of software as harmless, in which case it will disappear from your list.
tells you what type of malware you are dealing with, like
is the designation for a particular piece of malware. Threats can
come in many (sometimes minute) variations. We will give those variants the same
name for easier identification. Most threats come in the form of a file.
displays the directory we found a particular threat in.
shows the name of the file.
Malware sometimes attempts to hide (see Rootkit
No hiding when Segira is installed, though. We read and interpret the raw data
on a hard drive directly whenever possible. Naturally we also enumerate and
analyze all ADSs
on NTFS drives. Examples of ADSs are visible above, i.e. the first two files with low risk:
The ':' indicates the file is an ADS. The first stream is named 6y3mbqtrxn4.exe
belongs to the file pacam_pentax_K100D_50R.dll
The Vault tab displays a list of cloned files to allow recovery from ransomware
Segira was not able to easily or quickly classify these files on your device and further
analysis is required. For security reasons Segira requires all in depths analyses to
be performed in the cloud. These analyses necessitate running the code on physical systems
or in virtualized environments to obtain the most reliable and accurate classification
results while keeping your device protected. Uploading 3rd-party software for Segira or
other companies to analyze may breach the agreement you accepted when installing the
software/files in question. As Segira cannot know about these agreements, we have to ask
you for permission to upload these files before they can be analyzed in the cloud. This
may seem like a nuisance but should happen rather rarely. If uploading a file might save
you from 'catching a virus', don't you think it is worth a button click every now and then?
: Lets you select &
deselect the files you would like to upload for closer inspection. You can toggle
all selections by clicking on the
File Name: Shows the name of a file that requires your attention.
File Path: Displays the directory we found an unknown file in.
By default all files will be selected. If you do not want particular
files to be uploaded & analyzed, just deselect them.
Hit the Allow upload of selected files button. All unselected files will
be marked as sharing denied after clicking this button. These files will
not be uploaded nor shared unless you decide to do so at a later point in time.
These files will also stop counting toward the set of missing Community files
while they will continue showing up in a separate (sharing denied) list
on this very page (see image below).
To demonstrate what this page may look like after clicking Allow upload of selected
, we first deselected the last two files and then clicked the upload button.
As you can see, the Files unknown to the community panel is gone from the tab as of
right now. This may change in subsequent scans if new, unknown files are found.
Instead, the 3 previously selected files show up in the Files whose upload or
analysis are pending list. In addition, 3 is also the number displayed in the
Community tab's title. This number will automatically decrease as
files are uploaded and analyzed (which usually takes a couple of minutes but
may take much longer depending on your upload speed and also the current load
on the analysis environment) while the Files whose upload or analysis
are pending list will not update automatically, although you will be notified
when it is out of date. You can manually refresh the list by refreshing the page.
If some of the uploaded files turn out to be suspicious or malicious, the count
on the Known Malware tab will increase accordingly. Again the list of
suspicious files will not be updated automatically if you have the
Community tab open while the classification of a file on your device
actively changes but you will be notified when it is out of date.
Lastly, all initially deselected files (2 in our example) will now be visible
in the Files previously denied to be shared list. If at any point in
time you would also like to share these files with the community, just repeat
the procedure outlined above.
This tab presents you with a list of available drives on your device. Selected drives
will be included in the next device scan, which you can initiate from the dashboard tab
(see above). By default we auto select all fixed, removable & RAM
drives (i.e. built in HDs, USB sticks & thumb drives, SD-cards, external USB as well as
FireWire & eSata drives). Ejectable media such as CD-Roms, DVD drives as well as
floppy drives are not selected by default. Currently you cannot change this default
behavior. We are working on changing this, though. You can however select or deselect
each listed drive individually and Segira will remember your choice for that drive for
all eternity. A drive has to be present for you to be able to (de)select it. Once you
have (un)checked it you can remove the drive and plug it back in and it will remain
(un)checked unless you manually change the selection again.
As long as your device is connected to the internet its drives will be updated here in
real time. If you have the Drive Selections tab open and you insert or remove a thumb
drive, it will appear in or disappear from the list virtually immediately.
Drive: The drive letter assigned to this drive. Alternatively an empty
string is shown, if no drive letter is assigned.
Label: The assigned designation of this drive, if any.
Type: The drive's type, i.e. fixed, removable, CDRom
& RAM. We currently don't support the scanning of real network drives.
If your network drive is a physical drive on a different computer, install Segira
on that device and scan it from there. This column will be hidden on very small
Format: The type of file system used on the drive. This column will be
hidden on very small screens.
Last scan: Indicates how long ago the last scan completed successfully.