0 Replies Latest reply on Mar 12, 2013 8:35 AM by ron.sokol

    Weird "Threat_Detected" threat name I can't seem to find to tune out.

    ron.sokol

      I have on a couple of occasions received an email from ePO based on an automated response rule I actually wrote for VSE.  It triggers on an unhandled malware detection.

       

      I don't receive all details on the threat from the email which is normal, but based on the approximate time, I feel I should be able to find it in the threat event logs or AppControl observation applet.  But alas, I cannot.

       

      Here are the details I do have from the original email notification (sanitized):

      ePolicy Orchestrator Notification

      Response Name: AAP: Corp Malware detected and not handled

      Event Type Name: Threat

      Defined at: Corp System Location: GlobalRoot\mypath

      Description: Sends an e-mail notification when "Malware detected and not handled" events are received.

       

      Number of events: 1

      Target Host Name(s): [myhost]

      Target User Name(s):

      Source IPV6 addresses: [myip]

      Source IPV4 addresses: [myip]

      Threat Names: THREAT_DETECTED

      Detecting Product Names: Solidcore

      Threat Target File Path: C:\Program Files (x86)\RealVNC\VNC4\vncviewer.exe

       

      Can anyone help me put a down payment on a clue? LOL!  Thanks in advance.

       

      Message was edited by: ron.sokol on 3/12/13 8:35:40 AM CDT

      BTW, I'm running SC 6.0.0.340, ePO mgt. extension 6.0.0.542, ePO 4.6 P1, MA 4.6 P2.
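Added example (not code from the forum or from McAfee): a small Python parser for the notification body quoted above. It pulls the "Key: value" lines into a dict and flags the point visible in the post, that the response was written for VSE but the event was reported by Solidcore; the sample text is constructed from the sanitized post, and the product label in expected_product is an assumption.

```python
import re

# Constructed sample, modelled on the sanitized notification in the post above.
SAMPLE_NOTIFICATION = """\
ePolicy Orchestrator Notification
Response Name: AAP: Corp Malware detected and not handled
Event Type Name: Threat
Number of events: 1
Target Host Name(s): [myhost]
Target User Name(s):
Source IPV4 addresses: [myip]
Threat Names: THREAT_DETECTED
Detecting Product Names: Solidcore
Threat Target File Path: C:\\Program Files (x86)\\RealVNC\\VNC4\\vncviewer.exe
"""

# Key is the text before the first colon; the value may itself contain colons.
FIELD_RE = re.compile(r"^([A-Za-z0-9 ()]+?):\s*(.*)$")


def parse_notification(text):
    """Turn the 'Key: value' lines of an ePO notification into a dict.
    Bracketed values such as [myhost] become lists; lines without a colon are skipped."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if value.startswith("[") and value.endswith("]"):
            value = [v.strip() for v in value[1:-1].split(",") if v.strip()]
        fields[key] = value
    return fields


def triage(fields, expected_product="VirusScan Enterprise"):
    """Return hints on where to look and what to tune.
    expected_product is an assumed label for the product the response rule was written for."""
    hints = []
    product = fields.get("Detecting Product Names", "")
    if product and product != expected_product:
        hints.append(f"reported by {product}, not {expected_product}: check that product's "
                     "own event view, or filter the response rule on Detecting Product Name")
    if fields.get("Threat Names") == "THREAT_DETECTED":  # generic label, not a malware family name
        hints.append("generic threat name: search events by host and file path instead")
    return hints
```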