Video Screencast Help

Risk Tracer's ability to identify remote computer

Created: 20 Mar 2013 | 4 comments
AjinBabu's picture
1 Agree
0 Disagree
+1 1 Vote
Login to vote

Hi All

It is easier to find virus origin if Risk Tracer is able to identify remote computer.

Currently it cannot identify the remote computer

Regards

Ajin

Comments 4 CommentsJump to latest comment

.Brian's picture

Not sure what you mean? This is the point of risk tracer

About Risk Tracer

Article:HOWTO27137  |  Created: 2010-01-08  |  Updated: 2010-01-15  |  Article URL http://www.symantec.com/docs/HOWTO27137

What is Risk Tracer?

Article:TECH102539  |  Created: 2007-01-27  |  Updated: 2011-04-26  |  Article URL http://www.symantec.com/docs/TECH102539

How to use Risk Tracer to locate the source of a threat in Symantec Endpoint Protection

Article:TECH198443  |  Created: 2012-10-16  |  Updated: 2012-11-26  |  Article URL http://www.symantec.com/docs/TECH198443

 

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote
AjinBabu's picture

HI Brian,

Thanks for the above links.

Risk Tracer lists a source as unknown when the following conditions are true:

  • It cannot identify the remote computer.
  • The authenticated user for a file share refers to multiple computers. This condition can occur when a user ID is associated with multiple network sessions. For example, multiple computers might be logged on to a file sharing server with the same server user ID.

Regards

Ajin

0
Login to vote
.Brian's picture

In your case this is because the file was downloaded first. Than attempted to execute. It was local so there was no remote IP

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

0
Login to vote