4 Replies Latest reply on Nov 16, 2015 1:42 PM by sfinnerty

    EPO not listing the full "Threat Target File Path"

    sfinnerty

      Hello All,

      When we look at our threat events list in EPO, most of the threat events also indicate the path of the file in question (i.e. c:\program files\appdata\... etc). This information shows up in the "Threat Target File Path" field. However, one of our servers only displays the file path as follows: <servername>|infectedfile.xls. Is there a way to expand this information and get the full file path rather than just the name of the infected file?

      Thanks!

      Sean

        • 1. Re: EPO not listing the full "Threat Target File Path"
          rrodrig1

          Which product is generating the event, and what is the event ID? If it's possible, could you post a screenshot of the event details? It may be useful to help figure out the issue.

          • 2. Re: EPO not listing the full "Threat Target File Path"
            sfinnerty
            Server ID:
            Event Received Time:11/10/15 7:48:05 AM
            Event Generated Time:11/10/15 7:44:09 AM
            Agent GUID:CA653EE4-9DAF-4B60-805E-36C652FC979C
            Detecting Prod ID (deprecated):MSME____8000
            Detecting Product Name:MSME
            Detecting Product Version:8.0.7987.100
            Detecting Product Host Name:
            Detecting Product IPv4 Address:
            Detecting Product IP Address:
            Detecting Product MAC Address:
            DAT Version:7980.0000
            Engine Version:5700.7163
            Threat Source Host Name:
            Threat Source IPv4 Address:
            Threat Source IP Address:
            Threat Source MAC Address:
            Threat Source User Name:m.singleton@gilkes.com
            Threat Source Process Name:OnAccess (Transport)
            Threat Source URL:
            Threat Target Host Name:
            Threat Target IPv4 Address:
            Threat Target IP Address:
            Threat Target MAC Address:
            Threat Target User Name:<user's email address here>
            Threat Target Port Number:
            Threat Target Network Protocol:
            Threat Target Process Name:
            Threat Target File Path:<servername>|99631 RBE.xls
            Event Category:Malware detected
            Event ID:8000
            Threat Severity:Alert
            Threat Name:W97M/Downloader.aqi
            Threat Type:Anti-Virus
            Action Taken:Replaced
            Threat Handled:True
            Analyzer Detection Method:
            • 3. Re: EPO not listing the full "Threat Target File Path"
              georgec

              That's because it was picked up by MSME which scans e-mails on Exchange servers (not on the endpoint). Because the file is detected within the e-mail, you won't get the path like in the VSE events.

              George
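
For triage, the distinction explained in the reply above can be applied to pasted event details with a short script. This is an added example, not part of the original thread and not McAfee code: the field names come from the event posted in reply 2, every sample value is constructed, and reading the value as `<servername>|<attachment name>` is an assumption based on that single event.

```python
# Added example. Field names are from the event details posted in the thread;
# all sample values (host, addresses, file names, threat name) are constructed.
MSME_EVENT = """\
Event Generated Time:11/10/15 7:44:09 AM
Detecting Product Name:MSME
Threat Target User Name:recipient@example.com
Threat Target File Path:MAILSRV01|invoice.xls
Event ID:8000
Threat Name:EXAMPLE/Test.a
"""

FILE_EVENT = """\
Detecting Product Name:VirusScan Enterprise
Threat Target File Path:C:\\Users\\Public\\report.xls
Threat Name:EXAMPLE/Test.a
"""


def parse_event(text):
    """Parse 'Field:Value' lines into a dict.

    Split on the first colon only: timestamps and drive-letter paths
    contain colons of their own.
    """
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key:
            fields[key] = value.strip()
    return fields


def describe_target(fields):
    """Say what 'Threat Target File Path' refers to in this event."""
    product = fields.get("Detecting Product Name", "")
    target = fields.get("Threat Target File Path", "")
    # Assumed MSME shape: "<servername>|<attachment name>", no directories.
    if product == "MSME" and "|" in target and "\\" not in target:
        server, _, attachment = target.partition("|")
        return {"kind": "mail_attachment", "server": server,
                "name": attachment, "path": None,
                "recipient": fields.get("Threat Target User Name") or None}
    if target:
        return {"kind": "file", "server": None,
                "name": target.rsplit("\\", 1)[-1], "path": target,
                "recipient": None}
    return {"kind": "unknown", "server": None, "name": None,
            "path": None, "recipient": None}
```

For a `mail_attachment` result there is no on-disk path to look up; the sender and recipient fields of the event are what identify the message.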

              • 4. Re: EPO not listing the full "Threat Target File Path"
                sfinnerty

                Thanks for the info! I appreciate the support.