EPO not listing the full "Threat Target File Path"

Hello All,

When we look at our threat events list in EPO, most of the threat events also indicate the path of the file in question (i.e. c:\program files\appdata\... etc). This information shows up in the "Threat Target File Path" field. However, one of our servers only displays the file path as follows: <servername>|infectedfile.xls. Is there a way to expand this information and get the full file path rather than just the name of the infected file?

Thanks!

Sean

1 Solution

Accepted Solutions
georgec
Level 13
Message 4 of 5

Re: EPO not listing the full "Threat Target File Path"

That's because it was picked up by MSME, which scans e-mails on Exchange servers (not on the endpoint). Because the file is detected within the e-mail, you won't get the path like in the VSE events.

George

4 Replies
McAfee Employee
Message 2 of 5

Re: EPO not listing the full "Threat Target File Path"

Which product is generating the event, and what is the event ID? If it's possible, could you post a screenshot of the event details? It may be useful to help figure out the issue.

Re: EPO not listing the full "Threat Target File Path"

Server ID:
Event Received Time:11/10/15 7:48:05 AM
Event Generated Time:11/10/15 7:44:09 AM
Agent GUID:CA653EE4-9DAF-4B60-805E-36C652FC979C
Detecting Prod ID (deprecated):MSME____8000
Detecting Product Name:MSME
Detecting Product Version:8.0.7987.100
Detecting Product Host Name:
Detecting Product IPv4 Address:
Detecting Product IP Address:
Detecting Product MAC Address:
DAT Version:7980.0000
Engine Version:5700.7163
Threat Source Host Name:
Threat Source IPv4 Address:
Threat Source IP Address:
Threat Source MAC Address:
Threat Source User Name:m.singleton@gilkes.com
Threat Source Process Name:OnAccess (Transport)
Threat Source URL:
Threat Target Host Name:
Threat Target IPv4 Address:
Threat Target IP Address:
Threat Target MAC Address:
Threat Target User Name:<user's email address here>
Threat Target Port Number:
Threat Target Network Protocol:
Threat Target Process Name:
Threat Target File Path:<servername>|99631 RBE.xls
Event Category:Malware detected
Event ID:8000
Threat Severity:Alert
Threat Name:W97M/Downloader.aqi
Threat Type:Anti-Virus
Action Taken:Replaced
Threat Handled:True
Analyzer Detection Method:
Re: EPO not listing the full "Threat Target File Path"

Thanks for the info! I appreciate the support.
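
For triage outside the ePO console, the distinction made in the accepted solution can be applied to exported event details. The following is an added example, not part of the original thread and not McAfee code: it parses the "Field:Value" layout shown in the posted event and treats a `server|attachment` target from MSME as an e-mail attachment rather than a file on disk. The function names, the server name and the addresses in the sample are constructed for illustration.

```python
# Added example: interpret "Threat Target File Path" by detecting product.
# SAMPLE_EVENT is constructed, modelled on the event posted in the thread.
SAMPLE_EVENT = """\
Event Generated Time:11/10/15 7:44:09 AM
Detecting Product Name:MSME
Threat Source User Name:sender@example.test
Threat Source Process Name:OnAccess (Transport)
Threat Target User Name:recipient@example.test
Threat Target File Path:MAILSRV01|99631 RBE.xls
Threat Name:W97M/Downloader.aqi
Action Taken:Replaced
"""


def parse_event(text):
    """Split each line at the FIRST colon only, so values that themselves
    contain colons (timestamps, drive letters) survive intact."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def describe_target(fields):
    """Say what the target path refers to, based on the detecting product."""
    product = fields.get("Detecting Product Name", "")
    path = fields.get("Threat Target File Path", "")
    # '|' is not a legal character in a Windows path, so in an MSME event
    # it can safely be read as the server/attachment separator.
    if product == "MSME" and "|" in path:
        server, _, attachment = path.partition("|")
        return {
            "kind": "email_attachment",
            "exchange_server": server,
            "attachment": attachment,
            "source_user": fields.get("Threat Source User Name", ""),
            "target_user": fields.get("Threat Target User Name", ""),
        }
    # Anything else is assumed to be an endpoint event carrying a real path.
    return {"kind": "file_on_disk", "path": path}


if __name__ == "__main__":
    print(describe_target(parse_event(SAMPLE_EVENT)))
```

For MSME events the fields worth carrying into an investigation are the mailbox addresses and the attachment name, since no on-disk location exists to inspect.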