Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 1 subscriber
  • Views 2226 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to track the user account logged in when the infection happened?

RWSysEngr

Hi Guys,

Can any of you help me in trying to figure out the user account who was logged into the local machine when the infection happened via the Sophos Management Console?  I tried running a report but I was only able to see the Computer name.

Thanks!

:17991


This thread was automatically locked due to age.
Parents
  • 0

    Hello,

    first an emendation and an amendment .

    A detection is not necessarily an infection. Infection can refer to an item or a computer, a trojan for example is not infected though. The term should be used with caution. 

    You can't see who was logged on - Sophos does not keep track of logins. What you can see is the user context under which the file is accessed. For scheduled scans you'll see SYSTEM regardless of the logged on user.

    You can see the user when you view the computer details (double-click the computer name, or select/right-click, or select/Actions menu).

    Christian

    :17995
Reply
  • 0

    Hello,

    first an emendation and an amendment .

    A detection is not necessarily an infection. Infection can refer to an item or a computer, a trojan for example is not infected though. The term should be used with caution. 

    You can't see who was logged on - Sophos does not keep track of logins. What you can see is the user context under which the file is accessed. For scheduled scans you'll see SYSTEM regardless of the logged on user.

    You can see the user when you view the computer details (double-click the computer name, or select/right-click, or select/Actions menu).

    Christian

    :17995
Children
No Data