ron.sokol
Level 10

Weird "Threat_Detected" threat name I can't seem to find to tune out.

I have on a couple of occasions received an email from ePO based on an automated response rule I actually wrote for VSE.  It triggers on an unhandled malware detection.

I don't receive all details on the threat from the email which is normal, but based on the approximate time, I feel I should be able to find it in the threat event logs or AppControl observation applet.  But alas, I cannot.

Here are the details I do have from the original email notification (sanitized):

ePolicy Orchestrator Notification

Response Name: AAP: Corp Malware detected and not handled

Event Type Name: Threat

Defined at: Corp

System Location: GlobalRoot\mypath

Description: Sends an e-mail notification when "Malware detected and not handled" events are received.

Number of events: 1

Target Host Name(s): [myhost]

Target User Name(s):

Source IPV6 addresses: [myip]

Source IPV4 addresses: [myip]

Threat Names: THREAT_DETECTED

Detecting Product Names: Solidcore

Threat Target File Path: C:\Program Files (x86)\RealVNC\VNC4\vncviewer.exe

Can anyone help me put a down payment on a clue? LOL!  Thanks in advance.

Message was edited by: ron.sokol
BTW, I'm running SC 6.0.0.340 ePO mgt. extension 6.0.0.542
ePO 4.6 P1, MA 4.6 P2 on 3/12/13 8:35:40 AM CDT