SecuReporter Antivirus

Michael_I
Michael_I Posts: 42  Freshman Member
First Anniversary 10 Comments Friend Collector
Hello, we´re working on a Windows Server 2019 as terminal server. In the secu reporter are some blocked Viruses. Is there any possibility to get more information on a terminal server (which User, was it from an e mail or from the internet e.g...)

Thanks

Accepted Solution

  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Friend Collector First Answer First Comment
    Answer ✓

    Hi @Michael_I,

     

    In SecuReporter you can see the user for virus under Analysis > Security Indicator menu;

    For the source of a virus, you can find Search > Logs > Antivirus / Malware menu;


    You can check Source port under this menu.

     

    If through browser, the source port should be 80 or 443.

    If through mail, the source port should be 110 or 995.


All Replies

  • Michael_I
    Michael_I Posts: 42  Freshman Member
    First Anniversary 10 Comments Friend Collector
    edit: Using a Atp200
  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Friend Collector First Answer First Comment

    Hi @Michael_I,

     

    As far as I understand Terminal Server means Remote Desktop Protocol. Do you mean you are accessing Windows Server 2019 via Remote Desktop Protocol?

     

    Also can you please describe specifically where do you want to see user and download source of virus(internet or e-mail) in Windows Server 2019?
  • Michael_I
    Michael_I Posts: 42  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Yes, we work with thin clients via rdp on a Windows Server. Behind the Server is the zyxel. Therefore I can´t exacly see what happens, when a Virus was blocked. I want to see which user it was and if it came via email oder Browser.
  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    Without a proxy IMVHO you cannot catch the user logged triggering the issue.
  • Zyxel_Can
    Zyxel_Can Posts: 342  Zyxel Employee
    Friend Collector First Answer First Comment
    Answer ✓

    Hi @Michael_I,

     

    In SecuReporter you can see the user for virus under Analysis > Security Indicator menu;

    For the source of a virus, you can find Search > Logs > Antivirus / Malware menu;


    You can check Source port under this menu.

     

    If through browser, the source port should be 80 or 443.

    If through mail, the source port should be 110 or 995.


Security Highlight