
PC infected

The security section in monitoring indicates that there are two infected computers and 31 others that are probably infected. The antivirus is correctly activated, but I do not understand why the posts could be infected?
I ran Kaspersky antivirus but nothing was detected. So then and protect the machines with CP?

What is the difference between prevent and detect in the blade control, and how can I delete infected information in .InfectedHostsLogs?

pictures:

0 Kudos
2 Replies
Admin

Re: PC infected

As you've shown in the screenshot, it appears the machines in question accessed sites that are known to contain malware, which generally would only happen in one of two situations:

  • The PC has some malicious software loaded on it (e.g. because it was infected with malware)
  • It's a false positive

You'd have to look closer into the logs to find out what site they accessed.

There are certain Anti-Bot protections that can only be "detected" due to the small number of packets involved.

0 Kudos

Re: PC infected

Prevent means a session has been broken off prematurely by the firewall.

Detect means it just saw something suspicious but it was not stopped by the firewall.

Botnet activity could just be a DNS query that points to a suspected host.

As a rule of thumb I find these overviews a bit confusing. Just get into the relevant logs and see what details you get there.

0 Kudos