bbahes 29 Posted May 4, 2019 Posted May 4, 2019 (edited) Hi! After deploying EES 7.1 to 50 clients we have one reporting (notification to e-mail for Malicious file detected (trojan / worm / virus / application) enabled in Notifications) "Malicious file JS/Adware.Agent.AF was detected on computer ..." However, I don't see threat reported in THREATS page in ESMC, but neither on client details > alerts page. We are using default policies and have only 3 that Append firewall rules: Is there something else we need to configure ? Edited May 4, 2019 by bbahes
ESET Staff MartinK 384 Posted May 4, 2019 ESET Staff Posted May 4, 2019 Could you please double-check filters used to show threats of this device in console? Especially time interval and severity filter should be set in a way all threats are shown. It is possible that it has no "information" severity and thus possibly not shown in console by default. Could you also check "Filtered websites" tab in client logs? This one is collected by ESMC, but not shown in threats view (was integrated to future release).
bbahes 29 Posted May 4, 2019 Author Posted May 4, 2019 25 minutes ago, MartinK said: Could you please double-check filters used to show threats of this device in console? Especially time interval and severity filter should be set in a way all threats are shown. It is possible that it has no "information" severity and thus possibly not shown in console by default. Could you also check "Filtered websites" tab in client logs? This one is collected by ESMC, but not shown in threats view (was integrated to future release). You are right! Default filter is to filter resolved threats. In this case, JS/AdWare.Agent.AF was resolved on client by connection termination so it did not show up in Threats page. Thanks @MartinK
Recommended Posts