locked
Virus Origin RRS feed

  • Question

  • Is there any way FCS and/or MOM can report the IP or computer name that a virus originated from or was passed from? I am currently trying to track down a virus on our network and it would help if FCS or MOM could tell me the IP or computer name of where it came from.

    Thanks!

    Wednesday, August 31, 2011 3:00 PM

Answers

  • Hi Chris,

    Thank you for your post.

    As far as I know, there is no way to report the virus origin computer ip or name. You could view your clients virus details in Malware Summary Report and Malware Detected report.
    Generally, virus spreads from clients which AV software not work or virus defintions not up-to-date, files share folder, removable disk device, user visiting unsafety website. So the clients are not compliant in Deployment Summary Report should be suspicious of virus origin.  


    Regards,
    Rick Tan
    • Marked as answer by Rick Tan Thursday, September 8, 2011 8:16 AM
    Friday, September 2, 2011 9:01 AM

All replies

  • Hi Chris,

    Thank you for your post.

    As far as I know, there is no way to report the virus origin computer ip or name. You could view your clients virus details in Malware Summary Report and Malware Detected report.
    Generally, virus spreads from clients which AV software not work or virus defintions not up-to-date, files share folder, removable disk device, user visiting unsafety website. So the clients are not compliant in Deployment Summary Report should be suspicious of virus origin.  


    Regards,
    Rick Tan
    • Marked as answer by Rick Tan Thursday, September 8, 2011 8:16 AM
    Friday, September 2, 2011 9:01 AM
  • Thanks for your post Rick! I have been watching pc's theat are getting hit with Conficker.B and running wireshark on them to detect where it is coming from. FCS is stopping Conficker and removing it on the workstations that are running FCS.
    Monday, September 5, 2011 2:34 PM