SecuReporter Antivirus

Michael_I · May 2021

Hello, we´re working on a Windows Server 2019 as terminal server. In the secu reporter are some blocked Viruses. Is there any possibility to get more information on a terminal server (which User, was it from an e mail or from the internet e.g...)

Thanks

Image: https://us.v-cdn.net/6029482/uploads/editor/lz/wtjztliwhqyk.jpg

Zyxel_Can · May 2021

Hi @Michael_I,

In SecuReporter you can see the user for virus under Analysis > Security Indicator menu;

Image: https://us.v-cdn.net/6029482/uploads/editor/pl/a7o1zg0h3rnl.png

For the source of a virus, you can find Search > Logs > Antivirus / Malware menu;

Image: https://us.v-cdn.net/6029482/uploads/editor/9d/21zxmw3m2fnv.png

You can check Source port under this menu.

If through browser, the source port should be 80 or 443.

If through mail, the source port should be 110 or 995.

Michael_I · May 2021

edit: Using a Atp200

Zyxel_Can · May 2021

Hi @Michael_I,

As far as I understand Terminal Server means Remote Desktop Protocol. Do you mean you are accessing Windows Server 2019 via Remote Desktop Protocol?

Also can you please describe specifically where do you want to see user and download source of virus(internet or e-mail) in Windows Server 2019?

Michael_I · May 2021

Yes, we work with thin clients via rdp on a Windows Server. Behind the Server is the zyxel. Therefore I can´t exacly see what happens, when a Virus was blocked. I want to see which user it was and if it came via email oder Browser.