4 Replies Latest reply on Apr 27, 2012 8:36 AM by Arjen

    Block the connection when a threat is detected?

    canavas

      I have a Windows 2008 R2 64 server. It is getting an event warning 2012.

      I have read that if I uncheck "Block the connection when a threat is detected in a shared folder" the event warning goes away. However, is the server still secure? What if I drop the lock time to 2 minutes from 10? Any ideas?

      Sharon

        • 1. Re: Block the connection when a threat is detected?
          greatscott

          Sounds like you may want to run an On Demand Scan on that shared folder, as there may be an infection in there. I wouldn't just uncheck the box so that the connection won't be dropped.

          • 2. Re: Block the connection when a threat is detected?
            canavas

            I can't tell what share folder has the problem. This server has many shares on it and a lot of data. Any hints on how to get the info on what share?

            thanks

            • 3. Re: Block the connection when a threat is detected?
              greatscott

              I could be making a dumb assumption that you are managing these VSE systems with ePolicy Orchestrator, but if you do, this is what you should do:

               

              Go into ePO and create a tag, unique to your systems that are file shares.

              Tag all your file shares

              Create an On Demand Scan task and set it to "Send this task to only computers which have the following criteria" and select the tag that you just created for these systems.

              Run the task at your leisure

              View the results by creating a threat event query. Filter the query so that it contains only those IPs where you ran your scan. Be mindful though that your results may not show immediately, as On Demand Scans can sometimes take an hour or more to run, depending on the type of system.

               

              I would check back frequently to see if your query has returned any results. Hopefully the On Demand Scan picks up some detections and eradicates them.

               

              Message was edited by: greatscott on 4/24/12 12:22:26 PM CDT
              • 4. Re: Block the connection when a threat is detected?
                Arjen

                I think you can find the exact file name and location in the on-access logfile of the remote client.

                If you are using ePO, you should get some answers in the reporting section.