
SMC Notification Malware outbreak alert



Hi there,

we received the following Notification (multiple times) from ESET SMC:

Malware outbreak alert (count per time criteria)

Malware outbreak warning (count over time)

This notification is on its default settings (100 occurrences in a 10-minute timeframe).

 

Upon checking in ESET SMC we cannot see any active threats that correspond to this.

Is this a false positive? Where should we investigate further?

 

System/Network Information:

Small Business with local Exchange and Fileserver. 20 Windows Clients.

ESET Security Management Center (Server), Version 7.0 (7.0.471.0)
ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0)

CentOS (64-bit), Version 7.6.1810


ESET Staff
2 hours ago, CNNS said:

Upon checking in ESET SMC we cannot see any active threats that correspond to this.

Is this a false positive? Where should we investigate further?

Could you specify how you filter those threats? Asking because those threats might already be marked as resolved, as the issue was indeed resolved on the client and there is no action required. This kind of notification is primarily intended to warn you that something happened in the network, which is probably true, even in case there is nothing to be done in ESMC.


Thanks for your reply.

BTW: we are getting a report every hour, so the condition that activates this notification still seems active.

29 minutes ago, MartinK said:

Could you specify how you filter those threats?

If I get your question right, you want to know where we already looked for those threats.

So here are some reports (translated from the German installation we have):

 

Threats of the last 30 days, grouped by action taken

Group by (Action)       Count(Action)
deleted                 37
(blank)                  7
blocked                  6
Detected                 3
connection terminated    2
cleaned by deleting      1

When I change this report to show a whole year, I can get this to a total of 95. Even when changing the filter to show two years, we get only 95 entries.

 

In the Computers view of SMC there are no Threats shown. A few have been marked as resolved in the past days.

 

In the Threats view of SMC there are no current threats shown. I have to change the filter to show resolved ones. Then there are 13 entries. If I change this to show 365 days, I get the 95 incidents again.

 

Heading over to the Mail Security on our Exchange, we have the following data in the logs:

Mail Server Protection (filtered to show the last 24 hours): 302 total, evenly distributed, so about 15 events an hour, consisting of spam and rules for mail attachments. This is a normal amount; we usually have around 400 a day.

 

 


ESET Staff
4 minutes ago, CNNS said:

BTW: we are getting a report every hour, so the condition that activates this notification still seems active.

This seems to be the most crucial fact: I would recommend contacting ESET support and describing this specific problem, that you are endlessly receiving notifications of a received threat. There was an issue in ESMC 7.0 that could result in this case. It should also be resolved in the upcoming version (to be available very soon).


The solution to this problem came from ESET support:

First, we had to edit the notification to show additional information, in this case the computer name.

Secondly, we had to reinstall the ESET Agent on the computer named in the notification.

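The thread's notification fires on a count-per-time criterion (100 occurrences in 10 minutes), and the fix was to find out which computer was feeding it. The following added example (not ESET's code, and not an export from the thread) evaluates that same trailing-window criterion over a constructed event list and then breaks the triggering window down per computer, which is the check that points at a single agent re-reporting an already resolved detection. Host names, timestamps and actions are all constructed.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

# Default criterion from the "Malware outbreak alert (count per time criteria)" notification.
THRESHOLD = 100
WINDOW = timedelta(minutes=10)


def build_sample_events():
    """Constructed sample, not an ESMC export: one client (WS-07) re-reports the
    same already-resolved detection every 5 seconds for 12 minutes, while three
    other clients log one genuine detection each. Tuples are (timestamp, computer, action)."""
    start = datetime(2019, 5, 6, 8, 0, 0)
    events = [(start + timedelta(seconds=5 * i), "WS-07", "deleted") for i in range(144)]
    for i, host in enumerate(["FS-01", "EXCH-01", "WS-03"]):
        events.append((start + timedelta(minutes=3 * i), host, "blocked"))
    return sorted(events)


def first_outbreak(events, threshold=THRESHOLD, window=WINDOW):
    """Return (trigger_time, count) for the first event at which at least `threshold`
    events fall inside the trailing `window`, or None if the criterion is never met."""
    recent = deque()
    for ts, _host, _action in events:
        recent.append(ts)
        while recent and ts - recent[0] > window:   # drop events older than the window
            recent.popleft()
        if len(recent) >= threshold:
            return ts, len(recent)
    return None


def events_per_computer(events, trigger_time, window=WINDOW):
    """Count events per computer inside the window that ended at trigger_time,
    i.e. the breakdown the notification only shows once 'computer name' is added."""
    return Counter(host for ts, host, _ in events if trigger_time - window <= ts <= trigger_time)


if __name__ == "__main__":
    ev = build_sample_events()
    hit = first_outbreak(ev)
    if hit is None:
        print("outbreak criterion not met")
    else:
        ts, n = hit
        print(f"outbreak criterion met at {ts}: {n} events within {WINDOW}")
        for host, c in events_per_computer(ev, ts).most_common():
            print(f"  {host}: {c}")
```

With the sample data the criterion is met at 08:08:00 and 97 of the 100 events in that window come from WS-07, which is the kind of skew that distinguishes one misbehaving agent from a genuine outbreak spread across clients.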