Found 10 or more security events in 1 minutes on computer ACSSERVER. Actual number of security events found was 15.
Security events included:
Compliance and Application Control.
Symantec Endpoint Protection
11/06/2014 11:16:00 to 11/06/2014 11:17:00
Network Threat Protection and Compliance Events
Nothing to Report
Application Control Events
Event Time | Event Type | Severity | Number | Domain | Server | Group | Computer | IP Address | Operating System | Client User Name | Rule Name | Action | Caller process | Target | Event Description
11/06/2014 11:17:55 | Tamper Protection | Major | 8 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\WINDOWS\SYSTEM32\WERFAULT.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
11/06/2014 11:16:55 | Tamper Protection | Major | 15 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\PROGRAM FILES\NCR\OPENSSH\BIN\SSHD.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
For more information on network threat protection events, see the Monitors page, Logs tab, and select the Network Threat Protection log type and Attacks log content.
For more information on traffic events, see the Monitors page, Logs tab, and select the Network Threat Protection log type and the Traffic log content.
For more information on compliance events, see the Monitors page, Logs tab, and select the Compliance log type and the Host Compliance log content.
For more information on device control events, see the Monitors page, Logs tab, and select the Application and Device Control log type and the Device Control log content.
For more information on packet events, see the Monitors page, Logs tab, and select the Network Threat Protection log type and the Packet log content.
For more information on application control events, see the Monitors page, Logs tab, and select the Application and Device Control log type and the Application Control log content.
Found 10 or more security events in 1 minutes on computer ACSSERVER. Actual number of security events found was 40.
Security events included:
Compliance and Application Control.
Symantec Endpoint Protection
11/06/2014 11:17:00 to 11/06/2014 11:18:00
Network Threat Protection and Compliance Events
Nothing to Report
Application Control Events
Event Time | Event Type | Severity | Number | Domain | Server | Group | Computer | IP Address | Operating System | Client User Name | Rule Name | Action | Caller process | Target | Event Description
11/06/2014 11:17:55 | Tamper Protection | Major | 8 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\WINDOWS\SYSTEM32\WERFAULT.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
Found 10 or more security events in 1 minutes on computer ACSSERVER. Actual number of security events found was 29.
Security events included:
Compliance and Application Control.
Symantec Endpoint Protection
11/06/2014 11:21:00 to 11/06/2014 11:22:00
Network Threat Protection and Compliance Events
Nothing to Report
Application Control Events
Event Time | Event Type | Severity | Number | Domain | Server | Group | Computer | IP Address | Operating System | Client User Name | Rule Name | Action | Caller process | Target | Event Description
11/06/2014 11:21:55 | Tamper Protection | Major | 8 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\WINDOWS\SYSTEM32\WERFAULT.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
11/06/2014 11:21:55 | Tamper Protection | Major | 21 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\PROGRAM FILES\NCR\OPENSSH\BIN\SSHD.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
11/06/2014 11:21:16 | Tamper Protection | Major | 1 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | LOCAL SERVICE | | Allow | C:\WINDOWS\SYSTEM32\RACAGENT.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
11/06/2014 11:21:15 | Tamper Protection | Major | 1 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | LOCAL SERVICE | | Allow | C:\WINDOWS\SYSTEM32\TASKENG.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
Found 10 or more security events in 1 minutes on computer ACSSERVER. Actual number of security events found was 29.
Security events included:
Compliance and Application Control.
Symantec Endpoint Protection
11/06/2014 11:26:00 to 11/06/2014 11:27:00
Network Threat Protection and Compliance Events
Nothing to Report
Application Control Events
Event Time | Event Type | Severity | Number | Domain | Server | Group | Computer | IP Address | Operating System | Client User Name | Rule Name | Action | Caller process | Target | Event Description
11/06/2014 11:26:55 | Tamper Protection | Major | 29 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\PROGRAM FILES\NCR\OPENSSH\BIN\SSHD.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
Found 10 or more security events in 1 minutes on computer ACSSERVER. Actual number of security events found was 16.
Security events included:
Compliance and Application Control.
Symantec Endpoint Protection
11/06/2014 11:27:00 to 11/06/2014 11:28:00
Network Threat Protection and Compliance Events
Nothing to Report
Application Control Events
Event Time | Event Type | Severity | Number | Domain | Server | Group | Computer | IP Address | Operating System | Client User Name | Rule Name | Action | Caller process | Target | Event Description
11/06/2014 11:28:25 | Tamper Protection | Major | 16 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\WINDOWS\SYSTEM32\WERFAULT.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
Found 10 or more security events in 1 minutes on computer ACSSERVER. Actual number of security events found was 24.
Security events included:
Compliance and Application Control.
Symantec Endpoint Protection
11/06/2014 11:31:00 to 11/06/2014 11:32:00
Network Threat Protection and Compliance Events
Nothing to Report
Application Control Events
Event Time | Event Type | Severity | Number | Domain | Server | Group | Computer | IP Address | Operating System | Client User Name | Rule Name | Action | Caller process | Target | Event Description
11/06/2014 11:32:55 | Tamper Protection | Major | 10 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\WINDOWS\SYSTEM32\WERFAULT.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
11/06/2014 11:31:55 | Tamper Protection | Major | 24 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\PROGRAM FILES\NCR\OPENSSH\BIN\SSHD.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
Found 10 or more security events in 1 minutes on computer ACSSERVER. Actual number of security events found was 10.
Security events included:
Compliance and Application Control.
Symantec Endpoint Protection
11/06/2014 11:32:00 to 11/06/2014 11:33:00
Network Threat Protection and Compliance Events
Nothing to Report
Application Control Events
Event Time | Event Type | Severity | Number | Domain | Server | Group | Computer | IP Address | Operating System | Client User Name | Rule Name | Action | Caller process | Target | Event Description
11/06/2014 11:32:55 | Tamper Protection | Major | 10 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\WINDOWS\SYSTEM32\WERFAULT.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
Found 10 or more security events in 1 minutes on computer ACSSERVER. Actual number of security events found was 21.
Security events included:
Compliance and Application Control.
Symantec Endpoint Protection
11/06/2014 11:36:00 to 11/06/2014 11:37:00
Network Threat Protection and Compliance Events
Nothing to Report
Application Control Events
Event Time | Event Type | Severity | Number | Domain | Server | Group | Computer | IP Address | Operating System | Client User Name | Rule Name | Action | Caller process | Target | Event Description
11/06/2014 11:36:56 | Tamper Protection | Major | 19 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\PROGRAM FILES\NCR\OPENSSH\BIN\SSHD.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
11/06/2014 11:36:55 | Tamper Protection | Major | 2 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\WINDOWS\SYSTEM32\WERFAULT.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
11/06/2014 11:36:13 | Tamper Protection | Major | 1 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\WINDOWS\SYSTEM32\DLLHOST.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
Found 10 or more security events in 1 minutes on computer ACSSERVER. Actual number of security events found was 27.
Security events included:
Compliance and Application Control.
Symantec Endpoint Protection
11/06/2014 11:41:00 to 11/06/2014 11:42:00
Network Threat Protection and Compliance Events
Nothing to Report
Application Control Events
Event Time | Event Type | Severity | Number | Domain | Server | Group | Computer | IP Address | Operating System | Client User Name | Rule Name | Action | Caller process | Target | Event Description
11/06/2014 11:41:56 | Tamper Protection | Major | 17 | Default | sepm | My Company\ACS-IR Servers | | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\PROGRAM FILES\NCR\OPENSSH\BIN\SSHD.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
11/06/2014 11:41:56 | Tamper Protection | Major | 9 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\WINDOWS\SYSTEM32\WERFAULT.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
11/06/2014 11:41:30 | Tamper Protection | Major | 1 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\WINDOWS\SYSTEM32\DLLHOST.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
Found 10 or more security events in 1 minutes on computer ACSSERVER. Actual number of security events found was 26.
Security events included:
Compliance and Application Control.
Symantec Endpoint Protection
11/06/2014 11:46:00 to 11/06/2014 11:47:00
Network Threat Protection and Compliance Events
Nothing to Report
Application Control Events
Event Time | Event Type | Severity | Number | Domain | Server | Group | Computer | IP Address | Operating System | Client User Name | Rule Name | Action | Caller process | Target | Event Description
11/06/2014 11:47:26 | Tamper Protection | Major | 19 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\PROGRAM FILES\NCR\OPENSSH\BIN\SSHD.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
11/06/2014 11:47:26 | Tamper Protection | Major | 6 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\WINDOWS\SYSTEM32\WERFAULT.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
11/06/2014 11:46:56 | Tamper Protection | Major | 1 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\WINDOWS\SYSTEM32\DLLHOST.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
Found 10 or more security events in 1 minutes on computer ACSSERVER. Actual number of security events found was 28.
Security events included:
Compliance and Application Control.
Symantec Endpoint Protection
11/06/2014 11:51:00 to 11/06/2014 11:52:00
Network Threat Protection and Compliance Events
Nothing to Report
Application Control Events
Event Time | Event Type | Severity | Number | Domain | Server | Group | Computer | IP Address | Operating System | Client User Name | Rule Name | Action | Caller process | Target | Event Description
11/06/2014 11:52:23 | Tamper Protection | Major | 1 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\WINDOWS\SYSTEM32\DLLHOST.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
11/06/2014 11:51:56 | Tamper Protection | Major | 7 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\WINDOWS\SYSTEM32\WERFAULT.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
11/06/2014 11:51:56 | Tamper Protection | Major | 20 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\PROGRAM FILES\NCR\OPENSSH\BIN\SSHD.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
Found 10 or more security events in 1 minutes on computer ACSSERVER. Actual number of security events found was 18.
Security events included:
Compliance and Application Control.
Symantec Endpoint Protection
11/06/2014 11:56:00 to 11/06/2014 11:57:00
Network Threat Protection and Compliance Events
Nothing to Report
Application Control Events
Event Time | Event Type | Severity | Number | Domain | Server | Group | Computer | IP Address | Operating System | Client User Name | Rule Name | Action | Caller process | Target | Event Description
11/06/2014 11:57:52 | Tamper Protection | Major | 1 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\WINDOWS\SYSTEM32\DLLHOST.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
11/06/2014 11:56:56 | Tamper Protection | Major | 18 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\PROGRAM FILES\NCR\OPENSSH\BIN\SSHD.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
Found 10 or more security events in 1 minutes on computer ACSSERVER. Actual number of security events found was 22.
Security events included:
Compliance and Application Control.
Symantec Endpoint Protection
11/06/2014 12:01:00 to 11/06/2014 12:02:00
Network Threat Protection and Compliance Events
Nothing to Report
Application Control Events
Event Time | Event Type | Severity | Number | Domain | Server | Group | Computer | IP Address | Operating System | Client User Name | Rule Name | Action | Caller process | Target | Event Description
11/06/2014 12:02:26 | Tamper Protection | Major | 22 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | SYSTEM | | Allow | C:\PROGRAM FILES\NCR\OPENSSH\BIN\SSHD.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"
11/06/2014 12:01:47 | Tamper Protection | Major | 1 | Default | sepm | My Company\ACS-IR Servers | ACSSERVER | x.x.x.x | Windows Server 2008 Standard Edition | ACSBACK | | Allow | C:\WINDOWS\SYSTEM32\IPCONFIG.EXE | C:\Windows\System32\sysfer.dll | "C:\Windows\System32\sysfer.dll"