I have on a couple of occasions received an email from ePO based on an automated response rule I actually wrote for VSE. It triggers on an unhandled malware detection.
I don't receive all details on the threat from the email which is normal, but based on the approximate time, I feel I should be able to find it in the threat event logs or AppControl observation applet. But alas, I cannot.
Here are the details I do have from the original email notification (sanitized):
ePolicy Orchestrator Notification
Response Name: AAP: Corp Malware detected and not handled
Event Type Name: Threat
Defined at: Corp
System Location: GlobalRoot\mypath
Description: Sends an e-mail notification when "Malware detected and not handled" events are received.
Number of events: 1
Target Host Name(s): [myhost]
Target User Name(s):
Source IPV6 addresses: [myip]
Source IPV4 addresses: [myip]
Threat Names: THREAT_DETECTED
Detecting Product Names: Solidcore
Threat Target File Path: C:\Program Files (x86)\RealVNC\VNC4\vncviewer.exe
Can anyone help me put a down payment on a clue? LOL! Thanks in advance.
BTW, I'm running SC 22.214.171.1240, ePO mgt. extension 126.96.36.1992, ePO 4.6 P1, MA 4.6 P2.

Message was edited by: ron.sokol on 3/12/13 8:35:40 AM CDT
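The notification above carries only a generic Solidcore threat name (THREAT_DETECTED), so finding the matching record in the threat event log comes down to correlating on host, detecting product, file path and an approximate time window. The script below is an added example (not McAfee or ePO code, and not from the original post): it parses the sanitized notification text into fields and then filters a set of constructed sample event records. The event schema (event_time, host, product, threat_name, file_path, handled) and the notification timestamp are assumptions made for the example.

```python
"""Parse an ePO 'Malware detected and not handled' notification and
correlate it with threat-event records by host, product, path and time.

Added example, not McAfee code. NOTIFICATION is the sanitized text from the
post; SAMPLE_EVENTS and the schema are constructed for the example.
"""
import re
from datetime import datetime, timedelta

NOTIFICATION = """ePolicy Orchestrator Notification
Response Name: AAP: Corp Malware detected and not handled
Event Type Name: Threat
Defined at: Corp
System Location: GlobalRoot\\mypath
Description: Sends an e-mail notification when "Malware detected and not handled" events are received.
Number of events: 1
Target Host Name(s): [myhost]
Target User Name(s):
Source IPV6 addresses: [myip]
Source IPV4 addresses: [myip]
Threat Names: THREAT_DETECTED
Detecting Product Names: Solidcore
Threat Target File Path: C:\\Program Files (x86)\\RealVNC\\VNC4\\vncviewer.exe
"""

# "Key: value" lines; the first colon separates key from value so that
# values containing colons (e.g. "AAP: Corp ...", "C:\...") survive intact.
FIELD_RE = re.compile(r"^([^:]+):\s*(.*)$")


def parse_notification(text):
    """Return the notification as a dict; bracketed lists become Python lists."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue  # title line and blank lines carry no field
        key, value = m.group(1).strip(), m.group(2).strip()
        if value.startswith("[") and value.endswith("]"):
            value = [v.strip() for v in value[1:-1].split(",") if v.strip()]
        fields[key] = value
    return fields


def as_list(value):
    """Normalise a field that may be a list, a comma-separated string or None."""
    if value is None:
        return []
    if isinstance(value, list):
        return value
    return [v.strip() for v in value.split(",") if v.strip()]


# Constructed sample threat-event records (assumed schema, not real ePO data).
SAMPLE_EVENTS = [
    {"event_time": "2013-03-12 08:33:10", "host": "myhost", "product": "VirusScan Enterprise",
     "threat_name": "EICAR test file", "file_path": r"C:\temp\eicar.com", "handled": True},
    {"event_time": "2013-03-12 08:35:12", "host": "myhost", "product": "Solidcore",
     "threat_name": "THREAT_DETECTED",
     "file_path": r"C:\Program Files (x86)\RealVNC\VNC4\vncviewer.exe", "handled": False},
    {"event_time": "2013-03-12 08:36:01", "host": "otherhost", "product": "Solidcore",
     "threat_name": "THREAT_DETECTED", "file_path": r"C:\tools\x.exe", "handled": False},
]


def correlate(fields, events, notified_at, window_minutes=10):
    """Events in the window before the notification that match its host,
    detecting product and (when present) target file path."""
    start = notified_at - timedelta(minutes=window_minutes)
    hosts = {h.lower() for h in as_list(fields.get("Target Host Name(s)"))}
    products = {p.lower() for p in as_list(fields.get("Detecting Product Names"))}
    path = (fields.get("Threat Target File Path") or "").lower()
    matches = []
    for ev in events:
        ts = datetime.strptime(ev["event_time"], "%Y-%m-%d %H:%M:%S")
        if not (start <= ts <= notified_at):
            continue
        if ev["host"].lower() not in hosts or ev["product"].lower() not in products:
            continue
        if path and ev["file_path"].lower() != path:
            continue
        matches.append(ev)
    return matches


def find_reported_events():
    """Run the correlation with an assumed notification time (constructed)."""
    fields = parse_notification(NOTIFICATION)
    notified_at = datetime(2013, 3, 12, 8, 36, 0)  # assumption for the example
    return correlate(fields, SAMPLE_EVENTS, notified_at)


if __name__ == "__main__":
    for ev in find_reported_events():
        print(ev["event_time"], ev["host"], ev["product"], ev["file_path"])
```

Matching on the file path is what separates the Solidcore record from other unhandled events on the same host in the same window; if the notification had no path, the host, product and time filters alone would still narrow the log to the candidate records.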