Hi All,
We have observed Trojan/Malware “JS/Exploit-Angler.m” detection by VSE in an internal machine, but the threat source URL is showing blank.
Is there anyway that we can find out which URL caused this alert trigger?
Thanks in advance
Regards,
Kotresha
Solved! Go to Solution.
He's right from what I see if it was from a on-access scan. Here is the complete list of what you will capture. SiteAdvisor installed, that captures it.
Complete list of Event IDs for VirusScan Enterprise
Technical Articles ID: KB52417
McAfee KnowledgeBase - Complete list of Event IDs for VirusScan Enterprise
What was the detection method? If it was just a on-demand scan, then no, because the file is already present on the system. No, if it was realtime- like scriptscan, it should have then reported the threat source if it was able too.
This was On access scan, still we don't have any url entries for that.
during the time of the alert we check firewall logs but we only found that urls related to Microsoft "vortex-win.data.microsoft.com/"
the threat source url is not used by VSE
He's right from what I see if it was from a on-access scan. Here is the complete list of what you will capture. SiteAdvisor installed, that captures it.
Complete list of Event IDs for VirusScan Enterprise
Technical Articles ID: KB52417
McAfee KnowledgeBase - Complete list of Event IDs for VirusScan Enterprise
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA