Video Screencast Help

Virus information

Created: 24 Sep 2013 | 8 comments

We have enabled risk tracer, and it can detect source IP before. but recently, we cannot see source IP in risk log. Is it because the risk file was uploaded before installing SEP ?The virus file was cleaned by deletion. How can I know the created time of this virus file if it is deleted by SEP ?

version 12.1.2015.2015

Operating Systems:

Comments 8 CommentsJump to latest comment

Brɨan's picture

If the infection was local than you wont see the remote host. The deletion timestamp should indicate when the virus attack was attempted.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SymQNA's picture

"attempted" means when the file is accessed?
When auto protection detected the virus, does it mean the virus file is being accessed at that time? would you please advise if the file is copied to the SEP client before we installed SEP. Otherwise, there should be source of infection.

Brɨan's picture

If the attempt was local, meaning user plugged in an infected USB drive or unknowingly downloaded a bad file than the source in the log would be local, you wouldn't see a remote source. If the machine was infected before SEP was installed, the infection would still be considered local to the machine.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SymQNA's picture

understood, thanks. Then is there any log record the properties of the virus file? like created time and file size or...

Brɨan's picture

You can see what Risk log shows in the SEPM, that usually shows a great deal of info

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SymQNA's picture

Hi yes, I can see the file size, but still cannot see the created time of the file.

virus info.png
Beppe's picture

Hello,

I am afraid, it that piece of information is not there, then it is lost.

Regards,

Giuseppe