Endpoint Protection


How To Find Clients Running Specific Executables

  • 1.  How To Find Clients Running Specific Executables

    Posted Jul 23, 2014 02:35 PM

    In the SEP console we run the report "Top Blocked Executables" every night.

    Last night it reported an executable that we must remove.

    The report only says that the executable was blocked a specific number of times.  It does not give any clues as to which machine(s) is(are) running the executable.

    How can we locate the machine(s) that is(are) running the executable in question?

    -Vik



  • 2.  RE: How To Find Clients Running Specific Executables
    Best Answer

    Posted Jul 23, 2014 02:36 PM

    Check the Network Threat Protection log under the Monitors section. Sounds like it's related to the firewall.

    What's the Report Type that you run in the reporting section? It will be the same as what's in the Monitoring section.



  • 3.  RE: How To Find Clients Running Specific Executables
    Best Answer

    Posted Jul 23, 2014 04:12 PM

    That did the trick.

    Monitors -> Logs -> Network Threat Protection -> Traffic -> Blocked Traffic

    Then "Export" the resulting data, and I can see the executables in question.

    Precisely what I needed.

    Thanks very much!
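
Once the Blocked Traffic view has been exported as described above, the per-machine answer can be pulled out of the file with a short script. This is an added example, not part of the original thread: the column names (`Time`, `Computer`, `Application`), the host names and `badtool.exe` are assumptions constructed for illustration, so match them to the header of the actual export.

```python
import csv
import io

# Constructed sample export; column names are assumptions, not the product's documented header.
SAMPLE_EXPORT = r"""Time,Computer,User,Application,Action
2014-07-22 09:14:02,WS-ACCT-01,jdoe,C:\Users\jdoe\AppData\Local\Temp\badtool.exe,Blocked
2014-07-22 09:15:40,ws-acct-01,jdoe,C:\Users\jdoe\AppData\Local\Temp\BADTOOL.EXE,Blocked
2014-07-22 11:02:17,WS-HR-07,asmith,C:\Program Files\Vendor\updater.exe,Blocked
2014-07-22 13:48:55,LT-SALES-12,mlee,D:\Tools\badtool.exe,Blocked
2014-07-22 08:01:00,WS-ACCT-01,jdoe,C:\Users\jdoe\AppData\Local\Temp\badtool.exe,Blocked
"""


def hosts_running(export_file, exe_name, host_col="Computer",
                  app_col="Application", time_col="Time"):
    """Map each host to its block count and first/last block time for exe_name."""
    reader = csv.DictReader(export_file)
    missing = {host_col, app_col, time_col} - set(reader.fieldnames or [])
    if missing:
        # Fail loudly instead of silently reporting "no hosts" on a header mismatch.
        raise ValueError(f"export is missing columns: {sorted(missing)}")
    wanted = exe_name.lower()
    hosts = {}
    for row in reader:
        # Compare the file name only, so differing install paths still match.
        app = (row[app_col] or "").strip().replace("\\", "/")
        if app.rsplit("/", 1)[-1].lower() != wanted:
            continue
        host = (row[host_col] or "").strip().upper()  # host names are case-insensitive
        seen = (row[time_col] or "").strip()
        entry = hosts.setdefault(host, {"count": 0, "first": seen, "last": seen})
        entry["count"] += 1
        # String comparison is valid only for sortable stamps (YYYY-MM-DD HH:MM:SS).
        entry["first"] = min(entry["first"], seen)
        entry["last"] = max(entry["last"], seen)
    return hosts


def report(hosts):
    """Return (host, info) pairs, busiest host first, ties broken by name."""
    return sorted(hosts.items(), key=lambda kv: (-kv[1]["count"], kv[0]))


if __name__ == "__main__":
    found = hosts_running(io.StringIO(SAMPLE_EXPORT), "badtool.exe")
    for host, info in report(found):
        print(f"{host}: {info['count']} blocks, {info['first']} to {info['last']}")
```

For a real export, pass an open file handle instead of the `io.StringIO` sample, for example `open("export.csv", newline="")` where the file name is a placeholder.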



  • 4.  RE: How To Find Clients Running Specific Executables

    Posted Jul 23, 2014 04:23 PM

    HtH ;)