Endpoint Protection

I have noticed on numerous occasions when viewing the risk logs and Virus detection email notifications that an incorrect user and computer name is displayed. The detection identifies a path location for the virus under a user who does not even have a user profile on the computer. How does this occur?

Does the username exist at all? Where is the detection at? Perhaps it is from an attac on the network

What version of SEPM?

Yes the username is valid. No, it is not a network attack. The risk log continues to change computer names. Within the last hour the computer name changed three times on the Risk log. Email notifications are also showing incorrect computer names.

Attachment(s)

1Document.doc   95 KB 1 version

2Document.doc   91 KB 1 version

Here is another post showing another different computer name on the Risk log from the same attack. I have also noticed this issue occuring at another school location. While the correct endpoint can usually be determined, it is incorrect and misleading. I was hoping there would be an answer or if someone else has noticed this in their system.

Attachment(s)

3Document.doc   91 KB 1 version

This could be due to the type malware detected. I'm not sure what you know about zeroaccess but it's pretty nasty to say the least.

I'll see what I can find on it.

Is this still occurring?

Brian,

Yes, it is still occurring. I noticed the issue the other day on a client report. Our school resource officer had Malware on his computer and it was cleaned. We deleted the client logs, but I continued to receive the reports until I sent a content and scan command. I notice on one of the reports that the computer name was incorrect but I was not concerned because of the history of the problem. I have email copies of the reports.

The only way to prove this it to have a Symantec webex in to prove the issue.

Pat

Pat