Jump to content


Sign in to follow this  
sothpaw

Delay in SCEP e-mail notification

Recommended Posts

Hello To All the SCEP Guru's out there:

 

I was wondering if anyone could provide a little more information on this subject. A user was on a local newspaper website on Friday, January 31st. She clicked on a bad link on the newspaper website and ended up getting some malware on her machine. We have SCEP setup to e-mail a bunch of us. My boss is now asking as to why the e-mail alert took so long:

 

 

Here's the e-mail:

 

-----Original Message-----

From: SCCM1Alerts@abc123.gov [mailto:SCCM1Alerts@abc123.gov]

Sent: Tuesday, February 04, 2014 4:19 PM

To: Network Services Alerts; !_IS Infrastructure and Operations

Subject: Configuration Manager Malware Detected Alert: Malware detection alert for collection: EP - All Workstations

 

Configuration Manager Endpoint Protection has detected malware on one or more computers in your organization

 

Collection name: EP - All Workstations

 

Malware Name: Rogue:Win32/FakePAV

Number of infections: 2

Last detection time(UTC time): 2/5/2014 12:14:47 AM

 

These are the infections of this malware:

1. Computer name: C35008.abc123

Domain: abc123

Detection time(UTC time): 2/5/2014 12:14:47 AM Malware file path: containerfile:_C:\Users\Username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JU4SVRZX\3b7a7117f8d80c212311b6c54eef9a72[1].exe;file:_C:\Users\LUsername\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JU4SVRZX\3b7a7117f8d80c212311b6c54eef9a72[1].exe->(UPX)

Remediation action: Remove

Action status: Succeeded

 

2. Computer name: C35008.abc123

Domain: abc123

Detection time(UTC time): 2/5/2014 12:11:11 AM Malware file path: containerfile:_C:\Users\Username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1ZR0UJF\3b7a7117f8d80c212311b6c54eef9a72[1].exe;file:_C:\Users\Username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1ZR0UJF\3b7a7117f8d80c212311b6c54eef9a72[1].exe->(UPX)

Remediation action: Remove

Action status: Succeeded

To view further information about malware activity in your organization, run Malware Details Report.

 

Note: No additional Malware Detection alerts will be generated for these computers if no new infections are found in the next 24 hours.

 

 

Any information would be greatly appreciated.

 

 

Thanks,

 

sothpaw

Share this post


Link to post
Share on other sites


Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...