2 Replies Latest reply on Nov 5, 2009 8:21 AM by Rsteven1

    Question about VSE log

      I have a PC that states that W32/Conficker.worm!job has infected it.

      I know that this PC is not infected; in fact, there is another PC attacking it.

      We have another PC that has been attacked, and this PC is using Symantec End Point.

      In SEP, there is a log showing which PC is attacking it.

      Is there any log in VSE 8.7 that can show which PC is attacking my PC?

      Thanks

        • 1. Re: Question about VSE log

          I believe the "On-Access" scanner log should give you that information. (But I can't verify that right now.)

           

          In any case, you should probably have the option enabled to disconnect any machine that places infected files on the machine.

          • 2. Re: Question about VSE log

            Set up a "User Defined" Access Protection rule in VirusScan. Choose the "Port Blocking" option. The "Processes to include" value is *, with nothing to exclude. Block inbound and outbound for port range 139 to 139, and do the same with a new rule for port 144 to 144. You can "block" or just "report" on these ports. Monitor the system for when the On-Access Scanner gets the detection. You can then use the Access Protection log. The log will give you the IP addresses for the system(s) that are dropping the worm. Go to those systems and pull them off the network. Update and scan those systems using the latest DAT. Remember that you must schedule the scan, reboot and schedule a new scan. If you follow the document I have attached you will knock this worm out!!

             

            Ron
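The log-review step from reply 2, as an added example that is not part of the original thread or any McAfee tooling: it tallies the remote addresses recorded by the two user-defined port rules so the noisiest hosts can be pulled off the network first. The rule names, the tab-separated line layout and every sample line are assumptions constructed for illustration; adjust them to match your own Access Protection log.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical names given to the two user-defined port blocking rules.
RULE_NAMES = ("Watch port 139", "Watch port 144")

# Constructed sample lines (assumed layout, not captured product output).
SAMPLE_LOG = "\n".join([
    "11/5/2009 8:01:12 AM\tBlocked by port blocking rule\tSystem:Remote\tWatch port 139\t10.20.30.41:139",
    "11/5/2009 8:01:40 AM\tBlocked by port blocking rule\tSystem:Remote\tWatch port 139\t10.20.30.41:139",
    "11/5/2009 8:02:03 AM\tBlocked by port blocking rule\tSystem:Remote\tWatch port 144\t10.20.30.77:144",
    "11/5/2009 8:02:30 AM\tBlocked by port blocking rule\tapp.exe\tOther rule (hypothetical)\t10.20.30.99:6667",
    "11/5/2009 8:03:10 AM\tBlocked by port blocking rule\tSystem:Remote\tWatch port 139\t10.20.30.5:139",
    "11/5/2009 8:03:55 AM\tBlocked by port blocking rule\tSystem:Remote\tWatch port 144\t10.20.30.41:144",
    "11/5/2009 8:04:20 AM\tBlocked by port blocking rule\tSystem:Remote\tWatch port 139\t10.20.300.1:139",
])

# Dotted quad with an optional :port, not embedded in a longer dotted number.
TOKEN = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?(?![\d.])")


def remote_hosts(log_text, rule_names=RULE_NAMES, own_addresses=()):
    """Return (address, hit count) pairs, busiest first, for the named rules."""
    own = set(own_addresses)
    hits = Counter()
    for line in log_text.splitlines():
        if not any(name in line for name in rule_names):
            continue  # entries from other Access Protection rules are ignored
        for addr, _port in TOKEN.findall(line):
            try:
                ip = ipaddress.IPv4Address(addr)
            except ValueError:
                continue  # looks like an address but is not one (e.g. 10.20.300.1)
            if ip.is_loopback or addr in own:
                continue  # skip the logging machine's own addresses
            hits[addr] += 1
    return hits.most_common()


if __name__ == "__main__":
    for addr, count in remote_hosts(SAMPLE_LOG, own_addresses=["10.20.30.5"]):
        print(f"{addr}\t{count} hit(s)")
```

Pass the monitored PC's own addresses in `own_addresses` so that only the remote systems are listed.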