So, it seems I have a "trojan" on my computer that SEP is not picking up on one of my local computers, but SEPM is logging and notifying me regarding the attack. Eventually the continuous probing / scanning of ports blocks the client computer out of existence for a while, then back online -- unfortunately this annoyance blocks the client computer from accessing network features + shared resources (printers, network drives, etc.) -- here is a log detail generated by the SEPM monitor.
Event Description:
Attack Type:
Event Time:
Remote Host IP:
Occurrence:
Alert:
Begin Time:
End Time:
Domain Name:
Site Name:
Server Name:
Group Name:
Computer Name
    Current:
    When event occurred:
IP Address
    Current:
    When event occurred:
Operating system:
Location Name:
User Name:
Severity:
Local MAC:
Remote MAC:
Hardware Key:
Network Protocol:
Traffic Direction:
Send SNMP trap:
Remote Host Name:
Hack Type:
Application Name:
Of course there is little to any information as to what is scanning the computers in the local subnet, but at least I've narrowed it down to one computer -- but SEP, full virus scan, nothing has come up... is there a method I can use within SEP on the local computer that's "infected" to monitor what program is causing this port scanning issue? Thanks, any help will be appreciated.
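One way to find the program behind the scanning on the suspect client, added here as an example and not part of the original post or of any Symantec tooling: sample the live TCP connection table on the host and flag any process that opens connections to many distinct remote endpoints in a short window. It assumes the client is Windows 8 / Server 2012 or newer (for Get-NetTCPConnection) and that the script runs from an elevated prompt; the sample count, interval and threshold are arbitrary starting values.

```powershell
# Added example: attribute port-scan-like behaviour to a local process.
# Assumption: Windows 8+/Server 2012+ and an elevated session, so that
# OwningProcess and the process Path resolve.
param(
    [int]$Samples = 12,          # number of connection-table snapshots
    [int]$IntervalSeconds = 5,   # seconds between snapshots
    [int]$Threshold = 20         # distinct remote endpoints per PID that counts as suspicious
)

$seen = @{}   # PID -> hashtable of "remoteIP:port" strings observed

for ($i = 0; $i -lt $Samples; $i++) {
    # SynSent catches half-open outbound attempts that never complete, which is
    # what a scanner produces against closed or filtered ports.
    Get-NetTCPConnection -State SynSent, Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin @('0.0.0.0', '127.0.0.1', '::', '::1') } |
        ForEach-Object {
            $key = "$($_.RemoteAddress):$($_.RemotePort)"
            if (-not $seen.ContainsKey($_.OwningProcess)) { $seen[$_.OwningProcess] = @{} }
            $seen[$_.OwningProcess][$key] = $true
        }
    Start-Sleep -Seconds $IntervalSeconds
}

# Report every process that exceeded the threshold, resolving name and image path.
foreach ($procId in $seen.Keys) {
    $count = $seen[$procId].Count
    if ($count -lt $Threshold) { continue }
    $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
    [pscustomobject]@{
        PID       = $procId
        Name      = if ($proc) { $proc.ProcessName } else { '<exited>' }
        Path      = if ($proc) { $proc.Path } else { '' }
        Endpoints = $count
        Sample    = ($seen[$procId].Keys | Select-Object -First 5) -join ', '
    }
}
```

If the offender shows up as `<exited>`, the scanning process is short-lived; shorten the interval, or compare the PID against the SEPM event's Begin Time in the Windows Security log with process-creation auditing enabled.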