Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 1045 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Virus : 2 Items blocked

Koddi
Hi. I think this is an easy question for you all as I am not very confirm with the astaro until now. We are using 7.101. On the dashboard, I can see Anti Virus : 2 Items Blocked. How can I see where it was blocked (which IP/Wokstation) or if it was on a web page, or in the network. Thanks for your help !


This thread was automatically locked due to age.
Parents
  • 0
    Good question... you can look through the HTTP Proxy access logs (if you have that enabled) and search for "blocked" (you'll have to sift through the ones that were blocked because of bad categories, etc.) ... that should show you which client and what site they were accessing.  I don't think there's currently a log entry that will show you what virus or worm it was, though... it would be nice to be able to just click a button and get a nice little report, though.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    Hi Bruce. I found it, thanks. I found in the content filter logs from yesterday. I opened in text editior (80 MB lol) and by search "virus detected" I found the entries with IP, User ID and concerning web page.
    And yes, this is not very comfortable to find it this way eventhough it is a securitry thing .....
Reply
  • 0 in reply to BrucekConvergent
    Hi Bruce. I found it, thanks. I found in the content filter logs from yesterday. I opened in text editior (80 MB lol) and by search "virus detected" I found the entries with IP, User ID and concerning web page.
    And yes, this is not very comfortable to find it this way eventhough it is a securitry thing .....
Children
No Data