3 Replies Latest reply: Feb 1, 2013 8:48 PM by mcafeenewb RSS

    Postalreceipt.exe Only Found During OAS or ODS

    kenobe

      Hi all,

       

      I have a user that unwisely downloaded the postalreceipt.zip file and unzipped it.  SCCM shows the file existed on the system 22 Jan.  It wasn't until a scan was run 7 days later that VSE found and deleted the Trojan.

       

      I have noticed this wtih several recent detections - SCCM shows the files as of one date but VSE doesn't detect the files until a scan is run. 

       

      Shouldn't VSE hit on these files as they are downloaded to the machine, not just during a scan?

       

      Thanks

       

      Ken