OAS scans and proxy logs question - HELP

Hey all, I am new to the community and was just wondering if someone could answer a question that I can't seem to find any discussions about in the forums. These questions concern the case where an OAS scan from ePO 5.3 is performed during web browsing file downloads and detects a potentially malicious file (event generated time) and reports to ePO at a later time (event received time).

  • In the case of a simple JavaScript file being downloaded to the default browser cache and being detected as malicious but not deleted, is the "event generated time" in the logs the exact time the file was downloaded or perhaps when ePO decided it could not delete the file and gave up?
  • If it is the exact time of download, why does the detected timestamp never line up with web traffic in my proxy logs?
  • Do Mac machines create an issue with this?