Infection Alert - missing important info

  • 18 January 2016
  • 3 replies
  • 23 views

Userlevel 1
Here's an example of an infection alert we receive:
 
An endpoint has recently detected an infection:
 
Site Name: ABC
Hostname: ABC-RDS
Group Name: Desktops
Policy Name: ABC Desktops
Keycode: XXXXXXXXXXXXXXXXXXXXX
 
Infection List:
INSTALL[1].EXE, Adware.Installcore, %cache%,   http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx?MD5=5E5D720DCE18612641FE
 
Here are the problems I have:
1) Alert does not indicate what was done with the infected file (was it quarantined?)
2) Path included (%cache%) is incomplete, i.e. which user profile is this (it's a terminal server)
 
Am I missing something here?  This seems like basic stuff that should be included.
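As an added illustration (not code from the original post, Webroot, or its community), the following Python parses an alert body of the shape quoted above and reports the gaps the post identifies: no field saying what was done with the file, and a path that is only an unresolved placeholder such as `%cache%`. The sample alert is the one quoted in the post; the field names `Action Taken` and `Current User` are assumed labels for the missing information, not the console's actual field names.

```python
import re

# Constructed sample: the alert body quoted in the post, keycode masked as the poster masked it.
SAMPLE_ALERT = """An endpoint has recently detected an infection:

Site Name: ABC
Hostname: ABC-RDS
Group Name: Desktops
Policy Name: ABC Desktops
Keycode: XXXXXXXXXXXXXXXXXXXXX

Infection List:
INSTALL[1].EXE, Adware.Installcore, %cache%,   http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx?MD5=5E5D720DCE18612641FE
"""

# Header fields present in the quoted alert.
REQUIRED_FIELDS = ("Site Name", "Hostname", "Group Name", "Policy Name", "Keycode")
# Assumed labels for the information the post says is missing (action taken, owning user);
# the real console labels may differ.
WANTED_FIELDS = ("Action Taken", "Current User")

PLACEHOLDER = re.compile(r"%[A-Za-z_]+%")        # e.g. %cache%, %appdata%
MD5_IN_URL = re.compile(r"MD5=([0-9A-Fa-f]+)")


def parse_alert(text):
    """Split an alert body into header fields and infection-list entries."""
    fields, infections, in_list = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "infection list:":
            in_list = True
            continue
        if in_list:
            # Entry format: file, detection name, path, upload URL (comma separated).
            parts = [p.strip() for p in line.split(",")]
            if len(parts) < 4:
                infections.append({"raw": line, "malformed": True})
                continue
            url = ",".join(parts[3:])
            m = MD5_IN_URL.search(url)
            infections.append({
                "file": parts[0],
                "detection": parts[1],
                "path": parts[2],
                "url": url,
                "md5": m.group(1) if m else None,
            })
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip():              # skip the "An endpoint has ... infection:" banner
            fields[key.strip()] = value.strip()
    return {"fields": fields, "infections": infections}


def audit_alert(parsed):
    """Return a list of gaps an analyst would have to chase down by hand."""
    issues = []
    fields = parsed["fields"]
    for name in REQUIRED_FIELDS:
        if name not in fields:
            issues.append(f"missing required field: {name}")
    for name in WANTED_FIELDS:
        if name not in fields:
            issues.append(f"missing field (add it in the console's Alerts tab): {name}")
    for inf in parsed["infections"]:
        if inf.get("malformed"):
            issues.append(f"unparseable infection entry: {inf['raw']}")
            continue
        if PLACEHOLDER.search(inf["path"]):
            issues.append(f"unresolved path placeholder for {inf['file']}: {inf['path']}")
        if inf["md5"] is None or len(inf["md5"]) != 32:
            issues.append(f"upload URL for {inf['file']} does not carry a full 32-hex MD5")
    return issues


if __name__ == "__main__":
    parsed = parse_alert(SAMPLE_ALERT)
    for issue in audit_alert(parsed):
        print("-", issue)
```

Run against the quoted alert, the audit lists the two missing fields, the `%cache%` placeholder, and the shortened MD5 in the upload URL; wiring `audit_alert` into the mail filter that receives these alerts gives a cheap way to spot which ones need manual follow-up.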


Userlevel 7
Badge +56
Let me have support follow up with you on this one.
Yes, I also miss the info on what has been done with the infection.
It would be great if more info can be added.
Userlevel 7
Badge +33
Hi,
 
You can configure the alert to provide more info such as IP address, current user, etc. Just go to the Alerts tab and then add your fields.
 