none
Auditing file creating

    Question

  • We have a SBS 2003 server and recently there have been a number of spam files (all .exe files like PORN.EXE and SEXY.EXE) that are being written to a common data shared folder on the server. This is malware, I'm sure but I cannot figure out what system is creating these files (the server itself is clean.)

    How can I tell what machine (or IP) is responsible for saving these files on the server? I've tried to setup an AUDIT of the folder but I'm not getting any results for saving and deleting files...only access/logon info.

    Is there a way to determine what machine (or user) is saving/creating these files?

    Wednesday, January 02, 2013 9:25 PM

Answers

  • Install our File Auditing product FileSure (www.bystorm.com) and configure it to watch for the creation of *.exe files.  There's a 21 day trial which should give you enough time to find your culprit without having to spend any money. :)

    You're requirement is close to PCIDSS and here's a short video about it: http://www.bystorm.com/resources-videos.html#!prettyphoto/45/

    HTH,

    Gene

    • Marked as answer by ISD-PC-MAN Thursday, January 03, 2013 10:05 PM
    Thursday, January 03, 2013 3:06 PM

All replies