
Hi, I wonder if I can get some help.

We have a server that has Webroot installed. It’s reported a threat like this via email:

An endpoint has recently encountered a threat:

Site Name: xxxx
Hostname: WEB
Group Name: Default Group
Policy Name: xxx DNS Enabled
Keycode: ~Snip~ PTD

Threat List:
1717874811.139868.DLL, W32.Trojan.Gen, %temp%\, 


I’m now trying to find out more about the threat, so I look in Endpoint Protection, Save Threat Log, and get a “There are no entries in the threat log”. I also run a full scan and nothing comes back.

Am I looking in the wrong place to learn more about this threat?

I’ve rebuilt this server once before; it’s just a simple web server with only 1 admin accessing it. I don’t want to rebuild it again and there’s not actually a problem.

Any pointers in the right direction would be gratefully received.

Thanks

Carl


Hello @carlwright Please get in contact with Webroot Support for more information on your problem.

Support: https://www.webroot.com/us/en/about/contact-us

Business Support: https://www.webroot.com/us/en/business/support/contact

Note: when submitting a Support Ticket, please wait for a response from Support. Putting in another Support Ticket on this problem before Support responds will put your first Support Ticket at the end of the queue.


@carlwright 

Hi,

We would need the MD5 hash of the file to get more details and look it up. You need to adjust your alert template to show more data too, such as the MD5. Use this template for your alerts to get more info:


Site Name: [:marname]
Hostname: [:hostname]
Group Name: [:groupname]
Policy Name: [:policyname]
Operating System: [:operatingsystem]
First Seen: [:firstseen]
Current User: [:currentuser]
IP Address: [:ip]
Active Directory: [:activedirectory]
Workgroup: [:workgroup]

Infection List:
[/infectionlist.filename,malwaregroup,pathname,md5,dwelltime]


This will then show you a lot more details. 


Your scan log should show the hash of the file. If you can get that I can help ya more.


Regards
John H


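If the alert template has not been updated yet and the threat log is empty, the hash John asks for can still be taken directly from the file on the host, provided Webroot has not already quarantined or removed it. The PowerShell below is an added example, not code from the thread or from Webroot: it takes the filename from the alert above, checks the per-user and system temp folders (the alert only says `%temp%\`, which resolves differently for each account, so the candidate paths are an assumption), and records MD5 and SHA256 plus basic file metadata without running or modifying the file.

```powershell
# Added example (not from the original thread or from Webroot).
# Locate the file named in the Webroot alert and compute the hashes needed
# to look it up. The filename is the one reported in the alert; the list of
# temp folders to check is an assumption, since "%temp%\" is per user.
$fileName = '1717874811.139868.DLL'

# Candidate temp directories: this session's %TEMP%, the system temp folder,
# and the local temp folder of every profile under C:\Users.
$candidates = @($env:TEMP, (Join-Path $env:SystemRoot 'Temp'))
$candidates += Get-ChildItem -Path 'C:\Users' -Directory -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' }

# Collect every copy that still exists on disk.
$found = foreach ($dir in ($candidates | Select-Object -Unique)) {
    $path = Join-Path $dir $fileName
    if (Test-Path -LiteralPath $path) { Get-Item -LiteralPath $path }
}

if (-not $found) {
    # Consistent with an empty threat log: the agent may already have removed it.
    Write-Output "No file named $fileName found in the checked temp folders; it may already have been quarantined or deleted."
} else {
    foreach ($f in $found) {
        # Read-only operations only: hashing, timestamps and signature status.
        $md5    = (Get-FileHash -LiteralPath $f.FullName -Algorithm MD5).Hash
        $sha256 = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        $sig    = (Get-AuthenticodeSignature -FilePath $f.FullName).Status

        [pscustomobject]@{
            Path      = $f.FullName
            SizeBytes = $f.Length
            Created   = $f.CreationTime
            LastWrite = $f.LastWriteTime
            MD5       = $md5
            SHA256    = $sha256
            Signature = $sig
        }
    }
}
```

Run it from an elevated PowerShell session on the host named in the alert, since other users' temp folders are not readable otherwise. The MD5 value is what Webroot Support (or the alert's `md5` field, once the template is updated) uses to identify the detection; the creation time and signature status help decide whether the file matches a legitimate installer or update that was unpacking at that moment.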