Hello,
A quarantined malware shows up in the SEP Client console under 'View Quarantine', where it shows the 'File Create Date'.
Is that the actual creation date of the file or the date when it landed on the system?
1. Does it get featured in any of the SEPM Reports?
We need to find out whether the malware was sourced from any remote endpoint. Since the source IP field shows the value as 0.0.0.0, we need to ascertain whether the requirements to retrieve this information in Risk Logs are met.
2. Will enabling Risk Tracer, Firewall and IPS fulfil the requirement? OR is there something left out?
Thanks,
Jimmy
=-=-=