Hi All,
The other night, we received the following event notification from the SEPM server:
=========
Message from:
Server name: qcavmgr
Server IP: 192.168.1.197
At least one security risk found:
Risk name: Tracking Cookies
File path: .m.webtrends.com
Event time: 2011-03-03 00:58:58 GMT
Database insert time: 2011-03-03 01:00:08 GMT
User: 216-01
Computer: 814-1C
IP Address: 10.5.65.101
Domain: Default
Server: qcavmgr
Client Group: My Company\Store Wkstns
Action taken on risk: Deleted
=========
Here's the problem. The User ID, Computer Name, and IP address are all related for these accounts. For instance, for our "Store 216," the user ID would be 216-01, the computer name would be 216-1C, and the IP address would be 10.2.16.101. For the "store accounts," here is what we would expect:
Store #     User ID   Computer   IP Address
Store 216   216-01    216-1C     10.2.16.101
Store 814   814-01    814-1C     10.8.14.101
Store 565   565-01    565-1C     10.5.65.101
The problem is that none of these User IDs, Computer Names, or IP Addresses seem to be in the database. I tried doing searches with "Computer Name Like" and "IP Address Like" searches under the client section in the SEPM console, as well as exporting a list of all clients.
I think that I may need to "clean up" the database, but don't really know what I need to do. Any help or pointers would be very much appreciated.
Thanks in advance!
Mark
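
Added example, not part of Mark's post and not Symantec code: a small Python check that parses a notification like the one quoted above and reports which store each of the User, Computer, and IP Address fields points to under the naming convention described in the post. The sample text is constructed from the quoted notification, and the function names and the three-digit store number rule are assumptions made for this illustration.

```python
import re

# Constructed sample: fields copied from the notification quoted in the post.
SAMPLE = """\
Risk name: Tracking Cookies
User: 216-01
Computer: 814-1C
IP Address: 10.5.65.101
Action taken on risk: Deleted
"""

# Assumed convention (from the post's table): store ABC maps to user ABC-01,
# computer ABC-1C and IP 10.A.BC.101, with a three-digit store number.
PATTERNS = {
    "User": re.compile(r"(\d)(\d{2})-01"),
    "Computer": re.compile(r"(\d)(\d{2})-1C", re.IGNORECASE),
    "IP Address": re.compile(r"10\.(\d)\.(\d{1,2})\.101"),
}

def parse_notification(text):
    """Collect 'Key: value' lines of a notification body into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields

def store_of(field, value):
    """Return the store number a field value implies, or None if it does not fit."""
    m = PATTERNS[field].fullmatch(value)
    return f"{m.group(1)}{int(m.group(2)):02d}" if m else None

def check_event(fields):
    """Return (consistent, {field: store}) for one parsed event."""
    stores = {name: store_of(name, fields.get(name, "")) for name in PATTERNS}
    values = set(stores.values())
    return (None not in values and len(values) == 1), stores

if __name__ == "__main__":
    ok, stores = check_event(parse_notification(SAMPLE))
    print("consistent" if ok else "MISMATCH", stores)
```

Run against the quoted event, the three fields resolve to three different stores, which is worth knowing before searching the SEPM client list for any single one of them.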