junior_kakou
Contributor

PC infected

The security section in monitoring indicates that there are two infected computers and 31 others that are probably infected. The antivirus is correctly activated but I do not understand why the posts could be infected?
I ran Kaspersky antivirus but nothing was detected. So then and protect the machines with CP?

What is the difference between prevent and detect in the blade control, and how can I delete infected information in .InfectedHostsLogs?

pictures:

PhoneBoy
Admin

As you've shown in the screenshot, it appears the machines in question accessed sites that are known to contain malware, which generally would only happen in one of two situations:

  • The PC has some malicious software loaded on it (e.g. because it was infected with malware)
  • It's a false positive

You'd have to look closer into the logs to find out what site they accessed.

There are certain Anti-Bot protections that can only be "detected" due to the small number of packets involved.

Hugo_vd_Kooij
Advisor

Prevent means a session has been broken off prematurely by the firewall.

Detect means it just saw something suspicious but it was not stopped by the firewall.

Botnet activity could just be a DNS query that points to a suspected host.

As a rule of thumb I find these overviews a bit confusing. Just get into the relevant logs and see what details you get there.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>