Alert Actions

This Article Applies to:

Avast Business Hub

Each alert shown in the Hub (on the Alerts page, Devices page, or Dashboard) can be handled by selecting an action from the drop-down menu next to it. In most cases, you can either perform a recommended action to resolve/inspect the issue triggering the alert or dismiss the alert.

The alert defines which action is recommended (e.g. Restart device for the Device requires restart alert). For some alerts, two possibilities will be offered (e.g. Restart + boot-time scan or View threat for unresolved threats). For certain informational alerts, on the other hand, only the option to dismiss the alert will be available.

Refer to the tables below to learn more about each alert and the related resolution options.

Antivirus

Alert	Severity	Description	Actions menu options	Additional information/recommendations	Auto-resolve
Threat unresolved	Critical	A threat has been found but could not be resolved automatically	• Restart + boot-time scan • View threat • Dismiss	This alert is triggered when a detected threat could not be moved to Quarantine or deleted. Running a boot-time scan should resolve the issue. If the issue persists, try connecting to the device with Remote Control and inspecting the infected file manually (advanced users) or contact Avast Business Support.	None
Virus definitions outdated 14+/21+ days	Warning	Virus definitions on the device are out of date more than 14/21 days for one or more reasons: • The policy is set to manual updates, not automatic • The devices are not available for updating	• Update - VPS update • Dismiss	Ensure the device is online so it can receive updates, and consider enabling automatic updates (see Configuring Virus Definitions and Antivirus Program Updates).	VPS updated
OS permissions missing	Warning	One or more security services need to be allowed on the device	• Learn more • Dismiss	The Learn more option leads to System Extension Blocked Message in macOS. Following the provided instructions should resolve this alert.	OS permissions allowed
Antivirus program outdated	Warning	Antivirus on the device is outdated due to one of the possible reasons: • Automatic updates are turned off in the assigned policy • The devices are not available to finish the update	• Update - program update • Dismiss	Ensure the device is online so it can receive updates, and consider enabling automatic updates (see Configuring Virus Definitions and Antivirus Program Updates).	Antivirus program updated
File access blocked (by user)	Warning	An untrusted process tried to access a protected folder and was blocked by the user	• View threat • Dismiss	If you want to prevent your users from modifying endpoint settings, consider enabling UI protection in your policy settings (see General Antivirus Settings).	None
File access allowed (by user)	Warning	An untrusted process tried to access a protected folder and was allowed by the user	• Add to trusted apps • Dismiss	If you want to prevent your users from modifying endpoint settings, consider enabling UI protection in your policy settings (see General Antivirus Settings).	None
Threat quarantined	Information	A threat has been found and automatically moved to Quarantine	• View Quarantine • Full System Scan • Dismiss	The quarantined threat can be deleted or restored from Quarantine (see Resolving Threats). If you believe the detection is a false positive, you can send us the file for further analysis (see Submitting Suspected False Positives). If our Threat Labs specialists confirm a false positive, updating virus definitions should resolve the issue. Alternatively, if you are certain the file is safe, you can exclude it from future scans (see Configuring Antivirus Exclusions).	None
Threat found and resolved	Information	A threat has been found and automatically resolved	• Quick scan • Dismiss	/	None

Patch Management

Alert	Severity	Description	Actions menu options	Additional information/recommendations	Auto-resolve
Critical patch missing	Critical	Critical or Important patch is missing on the device	• View device • Dismiss	We highly recommend installing all critical patches as soon as possible. You can set up automatic deployment of missing patches in your policy (see Deploying Missing Patches).	Patch deployed*
Patch failed to install	Warning	Installation of a patch failed to these devices due to one of the possible reasons: • Patch failed to download (Firewall or Antivirus blocking the download, proxy issue, local network share access) • Patch failed to run batch file or initiate patch • Patch failed to copy from master agent to target devices	• Try again • Dismiss	• Check user privileges, ensuring that the device can copy and install under the local admin account. • Check your network shares, ensuring that the device can obtain the patch from the master/mirror agent, or that the device can obtain the update directly from the internet if you're not using the master/mirror agent. • Make sure firewall/proxy is not blocking the download of the update.	Patch deployed
Patch missing	Information	Low-severity patches are missing on the device	• View device • Dismiss	We recommend installing all missing patches on a weekly basis. You can set up automatic deployment of missing patches in your policy settings (see Deploying Missing Patches).	Patch deployed*

Alert

Severity

Description

Actions menu options

Additional information/recommendations

Auto-resolve

Critical patch missing

Critical

Critical or Important patch is missing on the device

• View device

• Dismiss

We highly recommend installing all critical patches as soon as possible. You can set up automatic deployment of missing patches in your policy (see Deploying Missing Patches).

Patch deployed*

Patch failed to install

Warning

Installation of a patch failed to these devices due to one of the possible reasons:

• Patch failed to download (Firewall or Antivirus blocking the download, proxy issue, local network share access)

• Patch failed to run batch file or initiate patch

• Patch failed to copy from master agent to target devices

• Try again

• Dismiss

• Check user privileges, ensuring that the device can copy and install under the local admin account.

• Check your network shares, ensuring that the device can obtain the patch from the master/mirror agent, or that the device can obtain the update directly from the internet if you're not using the master/mirror agent.

• Make sure firewall/proxy is not blocking the download of the update.

Patch deployed

Patch missing

Information

Low-severity patches are missing on the device

• View device

• Dismiss

We recommend installing all missing patches on a weekly basis. You can set up automatic deployment of missing patches in your policy settings (see Deploying Missing Patches).

Patch deployed*

* If the patch is installed outside of Avast software, the alert is deleted.

Cloud Backup

Alert	Severity	Description	Actions menu options	Additional information/recommendations	Auto-resolve
No backup space left	Critical	Cloud Backup storage is full (there is no space for new backups)	• Choose subscription • Dismiss	You can also free up existing storage space by removing unneeded backups (see Deleting Files Backed Up With Cloud Backup).	Subscription increased / space cleared
Restore failed	Critical	Some or all files could not be restored to the device	• Try again • Dismiss	Ensure the device is online.	Subsequent restore was successful
Backup overdue	Warning	The scheduled backup didn't occur when expected	• Back up now • Dismiss	Ensure the device is online.	Subsequent backup was run
Backup failed	Warning	Backup failed to complete	• Back up now • Dismiss	Ensure the device is online.	Subsequent backup was run
Running out of backup space	Warning	Cloud Backup storage is almost full (there is limited space for new backups)	• Choose subscription • Dismiss	You can also free up existing storage space by removing unneeded backups (see Deleting Files Backed Up With Cloud Backup).	Subscription increased / space cleared
Device could not be removed	Information	The device could not be removed from the Hub due to an ongoing Cloud Backup restore task	• View device • Dismiss	Wait for the restore task to finish, then try again.	None
Partial backup	Information	The backup was performed, but some files could not be backed up	• Back up now • Dismiss	Check which files were not backed up and why (they may be encrypted or corrupted).	Subsequent backup was run
Restore finished	Information	Files were successfully restored to the device	• Dismiss	/	None

Devices

Alert	Severity	Description	Actions menu options	Additional information/recommendations	Auto-resolve
Device requires restart	Warning	The device needs to be restarted to finish the Antivirus program/virus definitions update or to apply patches	• Restart device • View device • Dismiss	/	Device restarted
Agent outdated 21+ days	Information	The device agent is out of date for more than 21 days for one or more reasons: • Something went wrong on the network • Something on the device is blocking the automatic update	• View device • Dismiss	Ensure the device is online so that it can receive updates. If the issue persists, you can run a new installer on the device (see Installing Managed Antivirus).	Agent updated
Device connection lost 14+/21+ days	Information	Devices have not synced in more than 14/21 days for one or more reasons • The devices have been completely offline • The device has been erased or reinstalled completely • Network issues are preventing our services from synchronizing	• Dismiss	Check why the device is not connected to the network and reconnect it. If the device is no longer in use, you can remove it from the console (see Removing Devices From Business Hub).	Device online
Obsolete OS	Information	The device is running on legacy OS that is not supported by the manufacturer (it is no longer receiving security patches)	• Learn more • View device • Dismiss	The Learn more option leads to System Requirements. Update the device's OS to a version listed there.	None
Device added	Information	A new device has been installed and added to the console	• View device • Dismiss	You can run a full system scan to check the status of the newly added device (see Running Full System Scans).	None

Subscriptions

Alert	Severity	Description	Actions menu options	Additional information/recommendations	Auto-resolve
Antivirus / Patch Management subscription expired	Critical	The account is using an invalid Antivirus subscription due to one of the possible reasons: • The subscription has expired • You exceeded the number of available subscription seats	• Choose subscription • Dismiss	If the subscription has not expired but the number of seats has been exceeded, you can also purchase new seats or free up existing seats (see Managing Subscriptions).	Subscription valid again

Alert

Severity

Description

Actions menu options

Additional information/recommendations

Auto-resolve

Antivirus / Patch Management subscription expired

Critical

The account is using an invalid Antivirus subscription due to one of the possible reasons:

• The subscription has expired

• You exceeded the number of available subscription seats

• Choose subscription

• Dismiss

If the subscription has not expired but the number of seats has been exceeded, you can also purchase new seats or free up existing seats (see

Managing Subscriptions).

Subscription valid again

Web Control

Alert	Severity	Description	Actions menu options	Additional information/recommendations	Auto-resolve
Malicious domain blocked	Information	An attempt to access a malicious website was blocked	• Dismiss	Speak to the users in case of repeated visits. If you believe the website is legitimate, you can add it to the allowed domains in your policy's Web Control settings (see Web Control).	None