This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to track the user account logged in when the infection happened?

Hi Guys,

Can any of you help me in trying to figure out the user account who was logged into the local machine when the infection happened via the Sophos Management Console? I tried running a report but I was only able to see the Computer name.

Thanks!

This thread was automatically locked due to age.

0 QC over 13 years ago

Hello,
first an emendation and an amendment .
A detection is not necessarily an infection. Infection can refer to an item or a computer, a trojan for example is not infected though. The term should be used with caution.
You can't see who was logged on - Sophos does not keep track of logins. What you can see is the user context under which the file is accessed. For scheduled scans you'll see SYSTEM regardless of the logged on user.
You can see the user when you view the computer details (double-click the computer name, or select/right-click, or select/Actions menu).
Christian
:17995
Cancel
Vote Up 0 Vote Down

Cancel
0 RWSysEngr over 13 years ago

hmmm.....a trojan, to my understanding, is a malware....thus, if a malware gets to be downloaded into your system, it's already considered an infection.....
:18021
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 13 years ago

Agreed - there's a subtle distinction between infection and infected in the meaning of broken out disease. Indeed Sophos calls their tool Sophos Source of Infection Tool. Still I'm reluctant to completely withdraw my statement - having dealt with, err, successful infections with yet unknown malware. Maybe someone can come up with distinctive terms :smileyhappy:
Anyway - did you find the information you were looking for?
Christian
:18049
Cancel
Vote Up 0 Vote Down

Cancel