
Threat reported via notification, not in ESMC Threats page



Hi!

After deploying EES 7.1 to 50 clients we have one reporting (notification to e-mail for Malicious file detected (trojan / worm / virus / application) enabled in Notifications) "Malicious file JS/Adware.Agent.AF was detected on computer ..."


However, I don't see the threat reported on the THREATS page in ESMC, nor on the client details > alerts page.

We are using default policies and have only 3 that Append firewall rules:

 


 

Is there something else we need to configure?


  • ESET Staff

Could you please double-check filters used to show threats of this device in console? Especially time interval and severity filter should be set in a way all threats are shown. It is possible that it has no "information" severity and thus possibly not shown in console by default.

Could you also check "Filtered websites" tab in client logs? This one is collected by ESMC, but not shown in threats view (was integrated to future release).


25 minutes ago, MartinK said:

Could you please double-check filters used to show threats of this device in console? Especially time interval and severity filter should be set in a way all threats are shown. It is possible that it has no "information" severity and thus possibly not shown in console by default.

Could you also check "Filtered websites" tab in client logs? This one is collected by ESMC, but not shown in threats view (was integrated to future release).

You are right! The default filter is to filter resolved threats. In this case, JS/AdWare.Agent.AF was resolved on the client by connection termination, so it did not show up on the Threats page.

Thanks @MartinK

 
