3 Replies Latest reply on Dec 28, 2012 7:56 AM by alanshore

    Spyware question


      Hello all, thank you for being awesome! I have a question.


      I am "Playing" around with the spyware detections on our organization and noticing some detections but when I want to get more details about the detections by looking at detection logic for files and registry it comes up empty, attaching screenshots below


      My question is how is the spyware definitions detecting the infection? Is there somewhere I can go to see exactly where its detecting in detail such as (C:/Virus.exe found)


      When I download some definitions from the the landesk update server and look inside the definitions I see nothing that its scanning for to take to my security team and say, he its detecting this, here's what its scanning for.


      Any ideas?

        • 1. Re: Spyware question
          Frank Wils ITSMMVPGroup

          You can check the vulscan.log files on the local devices. Run 'vulscan e' and it will open the map where the logs are located.



          1 of 1 people found this helpful
          • 2. Re: Spyware question

            Thanks Frank! As those pictures above, am I missing something? When I look at definitions i've downloaded from LANDesk they are empty, but machines still come back detected


            I wish  there was a way to see the logs of the machine right on the server console, for ex. When I look at the log, I see Landesk is detecting a win32-trojan that's saying Mcafee is a virus, would be helpful if I could see that on the server instead of having to go through Logs on machines.



            Am I missing something?


            Thanks again

            • 3. Re: Spyware question

              Found it!


              When you click on affected computers on the spyware your looking at you get to see a "Reason" and it tells you where the files are located that its detecting. 


              Hope this helps others!