Endpoint Protection

  • 1.  SEPM Locate Client culprit

    Posted Apr 05, 2016 04:38 PM

    My company is running SEPM 12.1.6608.xxxx on Win Server 2008 R2 and we have Windows 7 client systems. A file was placed on one of our shares and has propagated to other folders. It currently has not done any damage. We think Symantec has recognized the file and stopped it from shutting down our server.

    I would like to find the client system/s that dropped these files. Can SEPM provide me that information?

    I can't seem to locate anything related to the files in SEPM.

    See image for files

    I believe the txt and the html may have the virus in them, so I will not attach them to this post.

    I am very new to managing SEPM and have not had any formal training. This was recently handed to me. 

     

    Thanks,

    mbelgen



  • 2.  RE: SEPM Locate Client culprit
    Best Answer

    Posted Apr 05, 2016 05:44 PM

    It's some form of Ransomware.

    If you right-click either one of those text or html files and check the owner, that will tell you who the initial infected user is.

    Aside from that, you can check the Risk log in SEPM (Monitors >> Logs and set Log type to Risk).

    Assuming clients are reporting in to SEPM, it should have all the relevant logs.
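
Added example, not part of the reply above: the owner check it describes, run across the whole share instead of one file at a time, grouped by owner and ordered by the earliest file each account created. The share path, the file name patterns and the time window are placeholders to replace with the real values, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example: group suspected ransom-note files on a share by NTFS owner.
# All three parameter defaults are placeholders, not values from the thread.
param(
    [string]$ShareRoot = '\\fileserver\share',        # hypothetical UNC path
    [string[]]$NotePatterns = @('*.txt', '*.html'),   # narrow to the actual note file names
    [datetime]$Since = (Get-Date).AddDays(-7)         # ignore files older than this
)

# Collect matching files created inside the time window
$files = Get-ChildItem -Path $ShareRoot -Recurse -File -Include $NotePatterns -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $Since }

# Read the NTFS owner of each file; keep going if an ACL cannot be read
$rows = foreach ($f in $files) {
    try {
        $owner = (Get-Acl -LiteralPath $f.FullName).Owner
    } catch {
        $owner = '<unreadable>'
    }
    [pscustomobject]@{
        Owner   = $owner
        Created = $f.CreationTime
        Path    = $f.FullName
    }
}

# One row per owner: file count plus the first file that account created
$rows | Group-Object Owner | ForEach-Object {
    $first = $_.Group | Sort-Object Created | Select-Object -First 1
    [pscustomobject]@{
        Owner     = $_.Name
        Files     = $_.Count
        FirstSeen = $first.Created
        FirstPath = $first.Path
    }
} | Sort-Object FirstSeen | Format-Table -AutoSize
```

An owner of BUILTIN\Administrators usually means the writing account has administrator rights on the file server, in which case the owner field does not identify the individual user and the SEPM Risk log is the better source.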



  • 3.  RE: SEPM Locate Client culprit

    Posted Apr 06, 2016 11:19 AM

    Thanks, I feel quite idiotic for not thinking about checking the properties of the file. Brain poooof.