SecuReporter Antivirus

Michael_I

Hello, we´re working on a Windows Server 2019 as terminal server. In the secu reporter are some blocked Viruses. Is there any possibility to get more information on a terminal server (which User, was it from an e mail or from the internet e.g...)

Thanks

Zyxel_Can

Hi @Michael_I,

 

In SecuReporter you can see the user for virus under Analysis > Security Indicator menu;

For the source of a virus, you can find Search > Logs > Antivirus / Malware menu;

You can check Source port under this menu.

 

If through browser, the source port should be 80 or 443.

If through mail, the source port should be 110 or 995.

Michael_I

edit: Using a Atp200

Zyxel_Can

Hi @Michael_I,

 

As far as I understand Terminal Server means Remote Desktop Protocol. Do you mean you are accessing Windows Server 2019 via Remote Desktop Protocol?

 

Also can you please describe specifically where do you want to see user and download source of virus(internet or e-mail) in Windows Server 2019?

Michael_I

Yes, we work with thin clients via rdp on a Windows Server. Behind the Server is the zyxel. Therefore I can´t exacly see what happens, when a Virus was blocked. I want to see which user it was and if it came via email oder Browser.

mMontana

Without a proxy IMVHO you cannot catch the user logged triggering the issue.

Zyxel_Can

Hi @Michael_I,

 

In SecuReporter you can see the user for virus under Analysis > Security Indicator menu;

For the source of a virus, you can find Search > Logs > Antivirus / Malware menu;

You can check Source port under this menu.

 

If through browser, the source port should be 80 or 443.

If through mail, the source port should be 110 or 995.