Endpoint Protection

  • 1.  Computer Status logs for Macs

    Posted Feb 25, 2011 10:07 AM

    Just running into a little bit of confusion on the logs from the SEPM for our Macs.  We are currently running SEP for Mac 11.6 and recently had a couple of our Mac users report that they received a pop-up from SEP telling them it found a suspicious file and cleaned it.  Unfortunately I did not receive the call from them until after they had cleared the infection pop-up off, so I did not get a screenshot of it.  

    However I figured I would just pull some logs off the SEPM to find out what was detected.  So I pulled a Risk log for all Mac operating systems and it came back with no risks.  I then pulled a Computer Status log for all Mac operating systems again.  The information I got back is a little confusing to me.  

    For Worst Detection the log shows No detections, but for Last Virus Time it shows 2/16.  Attached a screenshot of the log.  I guess other than trying to pull a log off the Mac client, how can I find out what it detected?

    Just curious because this will be the first time we have had anything be detected on our Mac clients, and according to the Computer Status log quite a few of them have had a virus.

     



  • 2.  RE: Computer Status logs for Macs
    Best Answer

    Posted Feb 25, 2011 01:55 PM

    There's an Idea I recommend you vote up for the reporting for Macs:

    Scan results displayed for SEP for Mac clients in SEPM's Reporting needs expansion

    What you will probably want to look at is actually on the client machine: with the SEP client interface open, look under Tools then View History. That will show you Date, Location (you will have to hover your mouse over the file name to see the full path), Virus and Status. Unfortunately, the log can't be exported.

    In 3+ years of working with AV for Macintosh I have never once encountered a machine that was actively infected. Java cache detections, W32.* detections, and macro viruses from old Word documents, yes, but not a true OSX infection. 

    What was detected was probably a PC file (or something related to a Windows-only threat), and I would bet it was picked up by Auto-Protect.

    Hope this helps.

    sandra



  • 3.  RE: Computer Status logs for Macs

    Posted Feb 25, 2011 03:28 PM

    Thanks for the answer.  I will get ahold of the client machine and look there.  



  • 4.  RE: Computer Status logs for Macs

    Posted Feb 25, 2011 04:55 PM

    Happy to help. Let us know how things go :)

    sandra