SEPM Risk Log and Virus Email Notifications Have Incorrect Username

Created: 17 Oct 2013 • Updated: 27 Nov 2013 | 6 comments

I have noticed on numerous occasions when viewing the risk logs and Virus detection email notifications that an incorrect user and computer name is displayed. The detection identifies a path location for the virus under a user who does not even have a user profile on the computer. How does this occur?


.Brian's picture

Does the username exist at all? Where is the detection at? Perhaps it is from an attack on the network.

What version of SEPM?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Pat Gainer's picture

Yes the username is valid. No, it is not a network attack. The risk log continues to change computer names. Within the last hour the computer name changed three times on the Risk log. Email notifications are also showing incorrect computer names.

Attachments: 1Document.doc (95 KB), 2Document.doc (91 KB)
Pat Gainer's picture

Here is another post showing another different computer name on the Risk log from the same attack. I have also noticed this issue occurring at another school location. While the correct endpoint can usually be determined, it is incorrect and misleading. I was hoping there would be an answer or if someone else has noticed this in their system.

Attachments: 3Document.doc (91 KB)
.Brian's picture

This could be due to the type of malware detected. I'm not sure what you know about ZeroAccess but it's pretty nasty to say the least.

I'll see what I can find on it.


.Brian's picture

Is this still occurring?


Pat Gainer's picture

Brian,

Yes, it is still occurring. I noticed the issue the other day on a client report. Our school resource officer had malware on his computer and it was cleaned. We deleted the client logs, but I continued to receive the reports until I sent a content and scan command. I noticed on one of the reports that the computer name was incorrect but I was not concerned because of the history of the problem. I have email copies of the reports.

The only way to prove this is to have a Symantec webex in to prove the issue.

Pat