Endpoint Protection

  • 1.  System Infected: But no indication in server or client logs

    Posted Nov 17, 2015 02:35 AM

    A user sent me a screenshot of a balloon that popped up on their PC.

    [SID:28931] System Infected: Adware.Gen Activity 7 detected.

    Why are there not notifications or client logs for this?

    Thanks




  • 2.  RE: System Infected: But no indication in server or client logs

    Posted Nov 17, 2015 02:50 AM

    Update: I found the server logs, but nothing on the client side.



  • 3.  RE: System Infected: But no indication in server or client logs

    Posted Nov 17, 2015 02:57 AM

    That's from the IPS component. Have you checked the traffic log under Network Threat Protection on the client side?



  • 4.  RE: System Infected: But no indication in server or client logs

    Posted Nov 17, 2015 04:14 AM

    Hi,


    This is an IPS event, so the log would be captured under NTP --> Security logs. What's more important is that there is an undetected binary present on the system for which there is no traditional AV signature available. Please run SymHelp with a threat analysis scan and submit the suspicious files to Symantec for proper AV detection.


    How to run the Threat Analysis Scan in Symantec Help (SymHelp)



  • 5.  RE: System Infected: But no indication in server or client logs

    Posted Nov 17, 2015 05:53 AM

    IPS alerts will be present in the Security log on the client.



  • 6.  RE: System Infected: But no indication in server or client logs
    Best Answer

    Posted Nov 17, 2015 07:46 AM

    Hi jgrab,

    Thanks for the post.  To view IPS attack logs from the SEPM, see:

    Two Reasons why IPS is a "Must Have" for your Network
    https://www-secure.symantec.com/connect/articles/two-reasons-why-ips-must-have-your-network


    From the client:

    [screenshot: ips_in_client.png]


    Please update this thread with news if this has answered your question or if there is anything outstanding!  &: )

    With thanks and best regards,

    Mick




  • 7.  RE: System Infected: But no indication in server or client logs

    Posted Nov 17, 2015 08:23 AM

    Like most said, I found the logs under Client Management >> Security log.

    ...don't know why I didn't see them before.

    The file downloaded was an executable. It's no longer in the path that the log indicates,

    and a full scan didn't find anything.

    I am running a Power Eraser with rootkit scan and later SymHelp.


    Thanks