Skip to content


Reply
Stone Talent
ryannj82
Posts: 67
Registered: ‎10-26-2009
Accepted Solution

Infection source

Hi guys

 

In Office Scan if have a look at the logs it sometimes list an infection source

" Machine Name/IpAddress " 


Does Worry Free 6 have this same function ?


I am a Trend Micro Affiliate. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Please use plain text.
Affiliate
greggmh123
Posts: 1,976
Registered: ‎01-23-2010

Re: Infection source

WGBS displays it like this:

 

7/15/2011 10:35:54SBS2003TROJ_JORIK.MPFinancial_Statement.exeE:\Public\StrippedAttachments\Real-time ScanQuarantined

I am a Trend Micro Affiliate. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Please use plain text.
Trend Micro Employee
pardz
Posts: 62
Registered: ‎01-25-2011

Re: Infection source

Hi ryannj82,

 

 

We still don't have this feature on the latest WFBS.

 

Hopefully this will be available in the next release.

 

 

 

Regards,

 

Pardz

 

 


I am a Trend Micro employee. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Please use plain text.
Affiliate
greggmh123
Posts: 1,976
Registered: ‎01-23-2010

Re: Infection source

WFBS (not WGBS!) does show the date, time, and machine name of the source, just not the IP address.


I am a Trend Micro Affiliate. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Please use plain text.
Stone Talent
ryannj82
Posts: 67
Registered: ‎10-26-2009

Re: Infection source

[ Edited ]

in officescan its shown as the attached

how would i locate this in WF6 SP3 if it has this


I am a Trend Micro Affiliate. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Please use plain text.
Affiliate
greggmh123
Posts: 1,976
Registered: ‎01-23-2010

Re: Infection source

[ Edited ]

In WFBS 6 and 7, you click Reports > Log Query.

 

The output is not as complete as in OfficeScan.

 

Date/TimeComputer NameVirus/Malware NameFile NamePathScan TypeAction Taken
7/30/2011 22:43:14SBS2003TROJ_FAKEAL.CRKkFssrqWUYlqst.exeE:\Public\Virus\Real-time ScanQuarantined

I am a Trend Micro Affiliate. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Please use plain text.
Affiliate
ChrisKo
Posts: 791
Registered: ‎08-18-2010

Re: Infection source

@Gregg

 

Infection Source is something, that is not existing in WFBS, only in OfficeScan.

Infection Source is not the Computer, where the virus was found, but the computer, that copied an infected file to that machine.

Example: PC A copies a virus to a share on PC B. The Logs will show:

Computer Name: PC B

Infection Source: PC A

This feature was very helpful for example at Conficker infections, where lots of PCs showed virus alerts, but it was only an unsuccessful try. The real source of the infection could be found in the infection source very often.

 

Regards

Christian Kotthoff - ConnecT Informationstechnik GmbH

I am a Trend Micro Affiliate. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Please use plain text.
Affiliate
greggmh123
Posts: 1,976
Registered: ‎01-23-2010

Re: Infection source

That is just one more way that WFBS is lacking!


I am a Trend Micro Affiliate. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Please use plain text.