I am getting in ePO Malware alerts (AV.PUP) from a machine that investigations show is not switched on.
The machine in question is a virtual system, used for cloning Citrix servers, that is switched off. I am getting the same 4 ePO alerts around the same time every day (5 in the morning) with the same event IDs ( 16890369, 9615617, 2341121,7519233) with an Event Generated Time of 30/12/99 00:00:00.
I have no idea what is sending out these events and I cannot think how I can diagnose what is.
Does anyone have any idea where I can start?
Re: Switched off Server sending out Virusscan Alerts
Is there anything that happens at 5 am in the morning when those alerts go out? Is the alert configured to show IP or mac address of the system also? Is that system reimaged at that time or used to bring up another image? It is possible if that is the case, the original image has those pup files and every time it is reimaged or brought back up new, those same files may exist still.
Was my reply helpful? If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.