SYSTEM account in SEP Risk Logs
In the Risk logs under the User Name category some times it shows SYSTEM and some times it shows the user's login name.
My question is why?
Does the user name category indicate that the virus tried to run under that particular user name or does it mean that was the user that was logged in when the virus was caught? And how would SYSTEM show since you can't really login in as SYSTEM? At least are users wouldn't know how to obtain SYSTEM priviledges anyways....