Business Security Forum

turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Stone Emissary ryannj82
Stone Emissary
ryannj82
Posts: 67
Registered: ‎10-26-2009

Infection source

Options

‎07-20-2011 07:37 AM

Hi guys

 

In Office Scan if have a look at the logs it sometimes list an infection source

" Machine Name/IpAddress " 


Does Worry Free 6 have this same function ?

Report Inappropriate Content
Message 1 of 8 (793 Views)
Reply
0 Kudos
Affiliate
greggmh123
Posts: 1,526
Registered: ‎01-23-2010

Re: Infection source

Options

‎07-20-2011 10:38 AM

WGBS displays it like this:

 

7/15/2011 10:35:54SBS2003TROJ_JORIK.MPFinancial_Statement.exeE:\Public\StrippedAttachments\Real-time ScanQuarantined
I am a Trend Micro Affiliate.  My comments and advice come from my personal knowledge and experience.  I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Report Inappropriate Content
Message 2 of 8 (786 Views)
Reply
0 Kudos
Trend Micro Employee
Trend Micro Employee
pardz
Posts: 62
Registered: ‎01-25-2011

Re: Infection source

Options

‎07-26-2011 12:55 PM

Hi ryannj82,

 

 

We still don't have this feature on the latest WFBS.

 

Hopefully this will be available in the next release.

 

 

 

Regards,

 

Pardz

 

 

I am a Trend Micro employee.  My comments and advice come from my personal knowledge and experience.  I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Report Inappropriate Content
Message 3 of 8 (763 Views)
Reply
0 Kudos
Affiliate
greggmh123
Posts: 1,526
Registered: ‎01-23-2010

Re: Infection source

Options

‎07-26-2011 02:36 PM

WFBS (not WGBS!) does show the date, time, and machine name of the source, just not the IP address.

I am a Trend Micro Affiliate.  My comments and advice come from my personal knowledge and experience.  I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Report Inappropriate Content
Message 4 of 8 (756 Views)
Reply
0 Kudos
Stone Emissary ryannj82
Stone Emissary
ryannj82
Posts: 67
Registered: ‎10-26-2009

Re: Infection source

[ Edited ]
Options

‎08-01-2011 04:58 AM - edited ‎08-01-2011 04:59 AM

in officescan its shown as the attached

how would i locate this in WF6 SP3 if it has this

Attachment officescan view.png ‏6 KB
Report Inappropriate Content
Message 5 of 8 (738 Views)
Reply
0 Kudos
Affiliate
greggmh123
Posts: 1,526
Registered: ‎01-23-2010

Re: Infection source

[ Edited ]
Options

‎08-01-2011 10:39 AM - edited ‎08-01-2011 10:40 AM

In WFBS 6 and 7, you click Reports > Log Query.

 

The output is not as complete as in OfficeScan.

 

Date/TimeComputer NameVirus/Malware NameFile NamePathScan TypeAction Taken
7/30/2011 22:43:14SBS2003TROJ_FAKEAL.CRKkFssrqWUYlqst.exeE:\Public\Virus\Real-time ScanQuarantined
I am a Trend Micro Affiliate.  My comments and advice come from my personal knowledge and experience.  I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Report Inappropriate Content
Message 6 of 8 (729 Views)
Reply
0 Kudos
Affiliate
ChrisKo
Posts: 435
Registered: ‎08-18-2010

Re: Infection source

Options

‎08-01-2011 01:30 PM

@Gregg

 

Infection Source is something, that is not existing in WFBS, only in OfficeScan.

Infection Source is not the Computer, where the virus was found, but the computer, that copied an infected file to that machine.

Example: PC A copies a virus to a share on PC B. The Logs will show:

Computer Name: PC B

Infection Source: PC A

This feature was very helpful for example at Conficker infections, where lots of PCs showed virus alerts, but it was only an unsuccessful try. The real source of the infection could be found in the infection source very often.

 

Regards

Christian Kotthoff
ConnecT Informationstechnik GmbH
Report Inappropriate Content
Message 7 of 8 (719 Views)
Reply
Affiliate
greggmh123
Posts: 1,526
Registered: ‎01-23-2010

Re: Infection source

Options

‎08-01-2011 05:47 PM

That is just one more way that WFBS is lacking!

I am a Trend Micro Affiliate.  My comments and advice come from my personal knowledge and experience.  I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Report Inappropriate Content
Message 8 of 8 (713 Views)
Reply
0 Kudos