07-20-2011 10:38 AM
WGBS displays it like this:
|7/15/2011 10:35:54||SBS2003||TROJ_JORIK.MP||Financial_Statement.exe||E:\Public\StrippedAttachments\||Real-time Scan||Quarantined|
07-26-2011 12:55 PM
We still don't have this feature on the latest WFBS.
Hopefully this will be available in the next release.
07-26-2011 02:36 PM
WFBS (not WGBS!) does show the date, time, and machine name of the source, just not the IP address.
08-01-2011 10:39 AM - edited 08-01-2011 10:40 AM
In WFBS 6 and 7, you click Reports > Log Query.
The output is not as complete as in OfficeScan.
|Date/Time||Computer Name||Virus/Malware Name||File Name||Path||Scan Type||Action Taken|
|7/30/2011 22:43:14||SBS2003||TROJ_FAKEAL.CRK||kFssrqWUYlqst.exe||E:\Public\Virus\||Real-time Scan||Quarantined|
08-01-2011 01:30 PM
Infection Source is something, that is not existing in WFBS, only in OfficeScan.
Infection Source is not the Computer, where the virus was found, but the computer, that copied an infected file to that machine.
Example: PC A copies a virus to a share on PC B. The Logs will show:
Computer Name: PC B
Infection Source: PC A
This feature was very helpful for example at Conficker infections, where lots of PCs showed virus alerts, but it was only an unsuccessful try. The real source of the infection could be found in the infection source very often.
08-01-2011 05:47 PM
That is just one more way that WFBS is lacking!