Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 9544 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

W32/AutoRun-BSY identified on wrong workstation on Entrerprise Console

oxo

For a while now we have the threat W32/AutoRun-BSY showing up on our console, but it has always been identified as the wrong workstation by the console. The last time to  found the effected workstation we had to logon to all our workstations and interogate sophos. 

Is there an easier way to find out what workstation that is affected?

Thanks

:49308


This thread was automatically locked due to age.
Parents
  • 0

    Hello oxo,

    thanks for the details.

    "Outstanding alerts and errors" requesting a restart

    This is the result of an almost complete and in principle successful cleanup but nevertheless a reboot should be performed at the earliest convenience. Dunno the details of the threat but its name suggests you can expect it to be found (also) on removable media. An appearance on another workstation is likely a detection in its own right. I don't quite understand the wrong workstation part though - what made you think the workstation for which it was reported is not affected?

    I'd suggest to run the Alert and event history report - please note that you can select a specific threat to report with Properties ..., tab Configuration using the Advanced... button (bottom right). This will show you all the alerts and the subsequent actions. You should also take a look at the locations of the detections - whether on removable media or perhaps in a user's profile. This should help you to figure out the source of the malware.

    Christian

    :49316
Reply
  • 0

    Hello oxo,

    thanks for the details.

    "Outstanding alerts and errors" requesting a restart

    This is the result of an almost complete and in principle successful cleanup but nevertheless a reboot should be performed at the earliest convenience. Dunno the details of the threat but its name suggests you can expect it to be found (also) on removable media. An appearance on another workstation is likely a detection in its own right. I don't quite understand the wrong workstation part though - what made you think the workstation for which it was reported is not affected?

    I'd suggest to run the Alert and event history report - please note that you can select a specific threat to report with Properties ..., tab Configuration using the Advanced... button (bottom right). This will show you all the alerts and the subsequent actions. You should also take a look at the locations of the detections - whether on removable media or perhaps in a user's profile. This should help you to figure out the source of the malware.

    Christian

    :49316
Children
No Data