
Need Help Locating Infected File.

Hello Everyone,

I need help identifying the infected/detection since I am not able to locate it. I have tried checking the onDemandScanlog/EPO Console, but could not find the name of the infected file. I have also tried checking for the quarantine folder to see if it was there, but our server does not appear to have it. In addition, I have enabled "view hidden files" on the server.

Type:Error
Source:McLogEvent
Event ID:259
Event Time:10/14/2014 2:54:14 AM
User:NT AUTHORITY\SYSTEM
Computer:

Description:

The scan found detections. Scan engine version 5700.7163 DAT version 7590.

4 Replies

Re: Need Help Locating Infected File.

You're looking in the right place; it should be in the OnDemandScanLog.txt, but I would also check the OnAccessScanLog.txt & AccessProtectionLog.txt to be on the safe side. Otherwise, I just thought I would give you the below info to further research.

You can also go here to reference MS event IDs to correlate to VSE: https://kc.mcafee.com/corporate/index?page=content&id=KB52417&pmv=print

Looks like yours is below:

Re: Need Help Locating Infected File.

Hello Fitch,

I checked the other logs as well but could not find anything. As a matter of fact, the other logs were not even updated, as you can see from the screenshot.

Re: Need Help Locating Infected File.

Is there any way that I can see the user OnDemandScanLog.txt file through ePO or any other method? I have always seen the Event Description as "Scan found infected files." in ePO threat events, but there is no information about which files are infected.

Re: Need Help Locating Infected File.

You can see it from the machine threat events (by default it shows the last 1 day). Also, you can check the ePO event filter tab, where the required event may be deselected.