Sign in

Microsoft.com

United States (English)

Brasil (Português)Česká republika (Čeština)Deutschland (Deutsch)España (Español)France (Français)Italia (Italiano)Россия (Русский)대한민국 (한국어)中华人民共和国 (中文)台灣 (中文)日本 (日本語)香港特别行政區 (中文)

Forefront Client Security TechCenter

Troubleshooting

Forefront Client Security TechCenter > Forefront Client Security Forums > Forefront Client Security Alerting and Monitoring > Illegal file download

Illegal file download

Monday, June 29, 2009 3:06 PMBuzy Mind

0
Sign In to Vote
I have been ordered to find the person(computer) from my network who downloaded an illegal file from the internet. How do i do this please?

Thanks
- Edited byBuzy Mind Monday, June 29, 2009 3:16 PM
- Reply
- Quote

Answers

Tuesday, June 30, 2009 10:29 AMNick Gu - MSFTMSFT, Moderator

0
Sign In to Vote
Hi,

Thank you for your post.

Before going any further, I’d like to confirm whether you want to monitor the network using Forefront Client Security. If that is right, I am afraid you cannot achieve your goal.

As we know, Forefront Client Security helps guard against emerging threats, such as spyware and rootkits, as well as traditional threats, such as viruses, worms, and Trojan horses. If you want to monitor you network or get the real-time network usage, you may find these on report from the ISA Server 2006. In addition, we also use some 3^rd part Network Monitor software to do that.

Regards,
Nick Gu - MSFT
- Proposed As Answer byNick Gu - MSFTMSFT, ModeratorMonday, July 06, 2009 6:31 AM
- Marked As Answer byNick Gu - MSFTMSFT, ModeratorTuesday, July 07, 2009 1:48 AM
- Reply
- Quote
Saturday, July 04, 2009 7:10 PMJohan Blom, Forefront MVPMVP

0
Sign In to Vote
you will have to find out what site it was downloaded from and then look in the firewall logs to find out which computer on your internal network visited that site.
If you know roughtly what time this happend you can filter on that timeframe.

/johan
MCSE, forefront spec | www.msforefront.com
- Proposed As Answer byNick Gu - MSFTMSFT, ModeratorMonday, July 06, 2009 6:31 AM
- Marked As Answer byNick Gu - MSFTMSFT, ModeratorTuesday, July 07, 2009 1:48 AM
- Reply
- Quote

All Replies

Tuesday, June 30, 2009 10:29 AMNick Gu - MSFTMSFT, Moderator

0
Sign In to Vote
Hi,

Thank you for your post.

Before going any further, I’d like to confirm whether you want to monitor the network using Forefront Client Security. If that is right, I am afraid you cannot achieve your goal.

As we know, Forefront Client Security helps guard against emerging threats, such as spyware and rootkits, as well as traditional threats, such as viruses, worms, and Trojan horses. If you want to monitor you network or get the real-time network usage, you may find these on report from the ISA Server 2006. In addition, we also use some 3^rd part Network Monitor software to do that.

Regards,
Nick Gu - MSFT
- Proposed As Answer byNick Gu - MSFTMSFT, ModeratorMonday, July 06, 2009 6:31 AM
- Marked As Answer byNick Gu - MSFTMSFT, ModeratorTuesday, July 07, 2009 1:48 AM
- Reply
- Quote
Saturday, July 04, 2009 7:10 PMJohan Blom, Forefront MVPMVP

0
Sign In to Vote
you will have to find out what site it was downloaded from and then look in the firewall logs to find out which computer on your internal network visited that site.
If you know roughtly what time this happend you can filter on that timeframe.

/johan
MCSE, forefront spec | www.msforefront.com
- Proposed As Answer byNick Gu - MSFTMSFT, ModeratorMonday, July 06, 2009 6:31 AM
- Marked As Answer byNick Gu - MSFTMSFT, ModeratorTuesday, July 07, 2009 1:48 AM
- Reply
- Quote

Need Help with Forums? (FAQ)