We have just implemented MOVE 3.5 Agentless for our VMware virtual servers and need a bit of assistance with automatic response configuration.
Below is a copy of one of the automatic responses that we have received and, as you can see, it is found by the MOVE virtual appliance. I want to get the automatic response to show which virtual server the malware was found on, not the MOVE appliance. Has anyone done this before?
34426 Malware detected access denied.
Threat Information
Response Name: Malware detected and handled
Threat Severity: Alert
Threat Type: Trojan
Target Filename: C:\Documents and Settings\username\Local Settings\Temporary Internet Files\Content.IE5\OW36SNA9\membership.html
Threat Name: JS/Redirector.bz
Number of events: 1
Threat Handled: true
Threat Action: Malware detected access denied.
Computer & User Details
System Hostname: sva-hostname
System Location: GlobalRoot\Directory\McAfee MOVE
Reference IP Address: xx.xx.xx.xx
OS Type: Linux
Scanned By: OAS
VSE Version: MOVE AV Agentless 3.5.0
DAT Version: 7610.0000
Engine Version: 5600.1067