Computer name      ATW-D00009     
Computer description           
Operating system      Windows 10     
Service pack           
Domain/workgroup      ATTWOODCAMBODIA     
IP address      192.168.1.165     
Sophos Anti-Virus version      10.7.2 VE3.68.0     
HIPS rules      10.3.221.1     
HIPS configuration      1.0.65.1     
Detection data      5.41     
On-access scanning      Active     
Anti-virus and HIPS policy      Same as policy     
Last scheduled scan completed      3/28/2017 1:51:46 PM (Scan my computer)     
Last message received from computer      7/7/2017 1:30:24 PM     
Last logged on user      ATTWOODCAMBODIA\function     
Up to date      Yes     
Updating policy      Same as policy     
Time installed package became available      7/3/2017 8:54:49 PM     
Time next package became available           
Primary update server      \\TERMINAL2\SophosUpdate\CIDs\S000\SAVSCFXP\     
Secondary update server           
Exploit prevention status      Inactive     
Exploit prevention policy compliance      Same as policy     
Exploit prevention agent version      3.6.3.583     
Client firewall enabled      No     
Client firewall policy      Same as policy     
Client firewall version      3.0.4     
Client firewall mode      Block by default     
Application control policy      Same as policy     
Application control on-access scanning      Active     
Data control scanning status      Active     
Device control scanning status      Inactive     
Data control policy compliance      Same as policy     
Device control policy compliance      Same as policy     
Tamper protection status      Inactive     
Tamper protection policy compliance      Same as policy     
Patch assessment      Active     
Patch policy      Same as policy     
Patch agent version      1.0.311.1     
Web control status      Active     
Web control policy      Same as policy     
Group      \Global Group\Computers     
 
Outstanding alerts and errors     
 
Sophos Anti-Virus status     
Date/time      Code      Description     
6/29/2017 4:39:29 PM      a058000c      Web Protection is no longer functional. The filtering driver has been bypassed or unloaded.     
6/24/2017 10:50:27 AM      a058000c      Web Protection is no longer functional. The filtering driver has been bypassed or unloaded.     
 
Latest application control events     
 
Date/time      User      Application name      Application type     
7/7/2017 8:32:46 AM      ATTWOODCAMBODIA\function      Windows Store      Download manager     
7/3/2017 9:20:31 AM      ATTWOODCAMBODIA\function      Windows Store      Download manager     
7/3/2017 9:02:54 AM      ATTWOODCAMBODIA\function      Internet Download Manager      Download manager     
7/3/2017 8:29:31 AM      ATTWOODCAMBODIA\function      Internet Download Manager      Download manager     
7/1/2017 9:43:13 AM      NT AUTHORITY\SYSTEM      Internet Download Manager      Download manager     
6/29/2017 9:06:14 AM      ATTWOODCAMBODIA\function      Windows Store      Download manager     
6/29/2017 8:20:19 AM      NT AUTHORITY\SYSTEM      Internet Download Manager      Download manager     
6/28/2017 8:51:18 AM      ATTWOODCAMBODIA\function      Windows Store      Download manager     
6/28/2017 8:48:32 AM      ATTWOODCAMBODIA\function      Internet Download Manager      Download manager     
6/27/2017 2:50:30 PM      ATTWOODCAMBODIA\function      Windows Store      Download manager     
 
Latest firewall events     
 
Date/time      Event type      File name      File version      Direction      Protocol      File checksum      Remote port      Remote address      Launching process     
3/31/2017 8:15:53 AM      No application rule      OfficeClickToRun.exe      16.0.7766.1349      Outbound      TCP      cb6ac02c92bba30187ea4591d771660e      443      168.61.146.25           
3/31/2017 8:15:49 AM      No application rule      OfficeClickToRun.exe      16.0.7766.1349      Outbound      TCP      cb6ac02c92bba30187ea4591d771660e      443      23.101.30.126           
3/31/2017 8:15:45 AM      No application rule      svchost.exe      10.0.14393.0 (rs1_release.160715-1616)      Outbound      TCP      36f670d89040709013f6a460176767ec      80      175.28.3.8           
3/29/2017 5:25:25 PM      No global rule                  Outbound      IGMP                  224.0.0.22           
3/29/2017 5:25:15 PM      No application rule      OneDrive.exe      17.3.6798.0207      Outbound      TCP      aae92457f50f4dd74e2d502adb9549ee      80      207.46.7.252           
3/29/2017 5:25:15 PM      New application      OneDrive.exe      17.3.6798.0207      Unknown            aae92457f50f4dd74e2d502adb9549ee                       
3/29/2017 5:25:09 PM      No application rule      svchost.exe      10.0.14393.0 (rs1_release.160715-1616)      Outbound      UDP      36f670d89040709013f6a460176767ec      1900      239.255.255.250           
3/29/2017 5:25:09 PM      No application rule      SearchUI.exe      10.0.14393.953 (rs1_release_inmarket.170303-1614)      Outbound      TCP      ebc4935445ca5a3d4d898076642ec618      443      204.79.197.200           
3/29/2017 5:25:09 PM      New application      SearchUI.exe      10.0.14393.953 (rs1_release_inmarket.170303-1614)      Unknown            ebc4935445ca5a3d4d898076642ec618                       
3/29/2017 5:19:35 PM      No application rule      OfficeClickToRun.exe      16.0.7766.1349      Outbound      TCP      cb6ac02c92bba30187ea4591d771660e      443      13.107.3.128           
 
Latest web events     
 
Date/time      User      URL      Action      Reason      Referring URL      Reference ID     
4/29/2017 11:43:09 AM      ATTWOODCAMBODIA\function      www.khmer-note.com/news/197039      Block      Spam URLs      www.facebook.com           
4/26/2017 5:06:06 PM      ATTWOODCAMBODIA\function      sbbanner.com/newmedia/kh/media/khSBnG_728x90.gif      Warn      Gambling      www.khmerwonder.net/post/6132           
4/20/2017 5:06:07 PM      ATTWOODCAMBODIA\function      c.cnzz.com/core.php      Block      Adult/Sexually Explicit      www.camhr.com/pages/jobs/index.jsp           
4/20/2017 5:00:53 PM      ATTWOODCAMBODIA\function      c.cnzz.com/core.php      Block      Adult/Sexually Explicit      www.camhr.com/pages/jobs/job.jsp           
4/20/2017 4:42:20 PM      ATTWOODCAMBODIA\function      c.cnzz.com/core.php      Block      Adult/Sexually Explicit      www.camhr.com/pages/jobs/index.jsp           
4/20/2017 4:41:51 PM      ATTWOODCAMBODIA\function      c.cnzz.com/core.php      Block      Adult/Sexually Explicit      www.camhr.com/pages/jobs/index.jsp           
4/20/2017 4:40:48 PM      ATTWOODCAMBODIA\function      c.cnzz.com/core.php      Block      Adult/Sexually Explicit      www.camhr.com           
4/20/2017 4:39:52 PM      ATTWOODCAMBODIA\function      c.cnzz.com/core.php      Block      Adult/Sexually Explicit      www.camhr.com/pages/jobs/job.jsp           
4/20/2017 4:39:31 PM      ATTWOODCAMBODIA\function      c.cnzz.com/core.php      Block      Adult/Sexually Explicit      www.camhr.com/pages/employer/index.jsp           
4/20/2017 4:38:43 PM      ATTWOODCAMBODIA\function      c.cnzz.com/core.php      Block      Adult/Sexually Explicit      www.camhr.com/pages/jobs/index.jsp           
 
History     
 
Sophos Anti-Virus status     
Date/time      Code      Description     
6/29/2017 4:39:29 PM      a058000c      Web Protection is no longer functional. The filtering driver has been bypassed or unloaded.     
6/24/2017 10:50:27 AM      a058000c      Web Protection is no longer functional. The filtering driver has been bypassed or unloaded.     
 
Sophos AutoUpdate status     
Date/time      Code      Description     
7/7/2017 9:12:16 AM      00000000      Updated successfully     
7/5/2017 9:11:30 AM      00000000      Updated successfully     
7/3/2017 9:06:22 AM      00000000      Updated successfully     
7/3/2017 8:36:15 AM      00000000      Updated successfully     
6/29/2017 2:02:56 PM      00000000      Updated successfully     
6/27/2017 1:59:37 PM      00000000      Updated successfully     
6/26/2017 8:39:13 AM      00000000      Updated successfully     
6/24/2017 8:34:21 AM      00000000      Updated successfully     
 
IDEs installed     
 
 
Total      182