Hello to all the SCEP gurus out there:
I was wondering if anyone could provide a little more information on this subject. A user was on a local newspaper website on Friday, January 31st. She clicked on a bad link on the newspaper website and ended up getting some malware on her machine. We have SCEP set up to e-mail a bunch of us. My boss is now asking why the e-mail alert took so long:
Here's the e-mail:
-----Original Message-----
From: SCCM1Alerts@abc123.gov [mailto:SCCM1Alerts@abc123.gov]
Sent: Tuesday, February 04, 2014 4:19 PM
To: Network Services Alerts; !_IS Infrastructure and Operations
Subject: Configuration Manager Malware Detected Alert: Malware detection alert for collection: EP - All Workstations
Configuration Manager Endpoint Protection has detected malware on one or more computers in your organization
Collection name: EP - All Workstations
Malware Name: Rogue:Win32/FakePAV
Number of infections: 2
Last detection time(UTC time): 2/5/2014 12:14:47 AM
These are the infections of this malware:
1. Computer name: C35008.abc123
Domain: abc123
Detection time(UTC time): 2/5/2014 12:14:47 AM Malware file path: containerfile:_C:\Users\Username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JU4SVRZX\3b7a7117f8d80c212311b6c54eef9a72[1].exe;file:_C:\Users\LUsername\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JU4SVRZX\3b7a7117f8d80c212311b6c54eef9a72[1].exe->(UPX)
Remediation action: Remove
Action status: Succeeded
2. Computer name: C35008.abc123
Domain: abc123
Detection time(UTC time): 2/5/2014 12:11:11 AM Malware file path: containerfile:_C:\Users\Username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1ZR0UJF\3b7a7117f8d80c212311b6c54eef9a72[1].exe;file:_C:\Users\Username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1ZR0UJF\3b7a7117f8d80c212311b6c54eef9a72[1].exe->(UPX)
Remediation action: Remove
Action status: Succeeded
To view further information about malware activity in your organization, run Malware Details Report.
Note: No additional Malware Detection alerts will be generated for these computers if no new infections are found in the next 24 hours.
Any information would be greatly appreciated.
Thanks,
sothpaw
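An added example, not from the post and not SCEP/Configuration Manager code: a small parser for the alert format quoted above that separates the two delays a "why did it take so long" question can mean: detection-to-notification latency, computed from the mail "Sent:" header (which carries no timezone, so the sending server's UTC offset is an assumed parameter), and click-to-detection dwell time measured from a known incident date. The sample alert is constructed from the post's lines with the file paths elided.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the SCEP alert from the post, reduced to the lines the
# parser needs; file paths are elided in this sample.
SAMPLE_ALERT = """\
Sent: Tuesday, February 04, 2014 4:19 PM
Subject: Configuration Manager Malware Detected Alert: Malware detection alert for collection: EP - All Workstations
Malware Name: Rogue:Win32/FakePAV
Number of infections: 2
1. Computer name: C35008.abc123
Detection time(UTC time): 2/5/2014 12:14:47 AM Malware file path: <elided in this constructed sample>
Remediation action: Remove
Action status: Succeeded
2. Computer name: C35008.abc123
Detection time(UTC time): 2/5/2014 12:11:11 AM Malware file path: <elided in this constructed sample>
Remediation action: Remove
Action status: Succeeded
"""

DETECTION_RE = re.compile(
    r"Detection time\(UTC time\): (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)")
SENT_RE = re.compile(r"^Sent: (.+)$", re.MULTILINE)


def parse_detection_times(alert_text):
    """Per-infection detection times as timezone-aware UTC datetimes
    (the alert labels them UTC explicitly)."""
    return [datetime.strptime(m, "%m/%d/%Y %I:%M:%S %p").replace(tzinfo=timezone.utc)
            for m in DETECTION_RE.findall(alert_text)]


def parse_sent_time(alert_text, sender_utc_offset_hours):
    """The 'Sent:' header is in the mail server's local time with no zone,
    so the caller supplies the offset; that offset is an assumption."""
    naive = datetime.strptime(SENT_RE.search(alert_text).group(1), "%A, %B %d, %Y %I:%M %p")
    return naive.replace(tzinfo=timezone(timedelta(hours=sender_utc_offset_hours)))


def alert_latency(alert_text, sender_utc_offset_hours):
    """Seconds from the earliest detection to the alert being sent. A negative
    value means the assumed offset (or a clock) disagrees with the client's
    UTC timestamps, which is worth checking before blaming the alert pipeline."""
    sent = parse_sent_time(alert_text, sender_utc_offset_hours)
    return (sent - min(parse_detection_times(alert_text))).total_seconds()


def dwell_before_detection(alert_text, incident_date_iso):
    """Days from a known incident date (YYYY-MM-DD, taken as 00:00 UTC because
    the time of day is unknown) to the earliest detection in the alert."""
    incident = datetime.strptime(incident_date_iso, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    return (min(parse_detection_times(alert_text)) - incident).total_seconds() / 86400
```

Run with the offsets that are plausible for the sender to see how the sign of the latency changes; a notification latency of minutes next to a dwell time of days points at signature availability on the client, not at the alert e-mail path.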