Eddie

Time Stamp Inconsistencies


Received an email alert earlier this morning stating:

Quote

Emsisoft identified the following threat:

Detected object: F:\Dell T5600\Storage controller\setup.exe
Workspace: XXX
Device: XYQ
User: someone

Detected by: Behavior Blocker
Type: Startup
Performed action: Excluded, Unknown, Blocked by community

Timestamp: 2020-02-14T23:42:35.000Z

Component: Behavior Blocker

Action:   Detection

When I checked with the user, he said that he downloaded a driver from the Dell site and saved it on a stick, but has not yet run it.

Looking at the info in the cloud console under details I am getting this:

Quote

Component: Behavior Blocker

Action:   Detection

15/02/2020, 10:42:35 am
Behavior Blocker event

Looking at the log file on the PC in question, it says:

Quote

2/15/2020 10:42:35 AM
Behavior Blocker detected suspicious behavior "AutorunCreation" of F:\Dell T5600\Storage controller\setup.exe (SHA1: 40960AD68F192522E7474AF47C9744FC35CBE977)


 

There are two things not clear to me:

a) Detection - what has happened subsequent to the detection? The file is not quarantined and I believe it was allowed to run as it has been saved to the stick. So what did the Behavior Blocker actually do?

b) Why are the timestamps inconsistent? The email alert I received came through almost immediately, but the time listed in the timestamp is way out. Is this based on a server setting in Germany?

cheers

Eddie

 

 


@Eddie Timestamps: the "2020-02-14T23:42:35.000Z" looks to me as if it is saying 23:42 Z(ulu), i.e. GMT, which might well be the same as 10:42 /pm/ in a nearby (or the same) place if there's a one hour difference from GMT in local time.

But your "10:42" timestamps show /am/. It would help to know where in the world you are, and where in the world the client PC is.


We have improved notifications in a next Cloud Console release.

The timezone difference between Server and users/admin is expected and might be improved and probably settable in a future update of Cloud Console.

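The three timestamps quoted in this thread can be checked against each other by computing the UTC offset the local clock would need for them to mark one instant. This is an added example, not part of the original posts and not Emsisoft code; the format strings are assumptions based on how the quoted values look, and the offset is computed from the values, not stated anywhere in the thread.

```python
from datetime import datetime, timedelta, timezone

# The three timestamps quoted in the thread for the same detection.
EMAIL_ALERT = "2020-02-14T23:42:35.000Z"             # ISO 8601, "Z" = UTC
CONSOLE = ("15/02/2020, 10:42:35 am", "%d/%m/%Y, %I:%M:%S %p")  # day first
LOCAL_LOG = ("2/15/2020 10:42:35 AM", "%m/%d/%Y %I:%M:%S %p")   # month first

def parse_utc(stamp):
    """Parse the e-mail alert's ISO 8601 stamp as an aware UTC datetime."""
    parsed = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%fZ")
    return parsed.replace(tzinfo=timezone.utc)

def parse_local(stamp, fmt):
    """Parse a wall-clock stamp that carries no zone information."""
    return datetime.strptime(stamp.upper(), fmt)

def implied_offset(utc_dt, local_dt):
    """Offset the local clock must have for both stamps to be one instant."""
    return local_dt - utc_dt.replace(tzinfo=None)

def plausible_offset(offset):
    """Real UTC offsets lie between -12:00 and +14:00 in 15-minute steps."""
    in_range = timedelta(hours=-12) <= offset <= timedelta(hours=14)
    return in_range and offset % timedelta(minutes=15) == timedelta(0)

def correlate(utc_stamp, local_stamps):
    """Return the shared offset if all local stamps match the UTC stamp."""
    utc_dt = parse_utc(utc_stamp)
    offsets = {implied_offset(utc_dt, parse_local(s, f)) for s, f in local_stamps}
    if len(offsets) == 1:
        offset = offsets.pop()
        if plausible_offset(offset):
            return offset
    return None  # stamps disagree, or the gap is not a real zone offset

def to_utc_iso(stamp, fmt, offset):
    """Normalise a local stamp to UTC ISO 8601 given the endpoint's offset."""
    aware = parse_local(stamp, fmt).replace(tzinfo=timezone(offset))
    return aware.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

if __name__ == "__main__":
    offset = correlate(EMAIL_ALERT, [CONSOLE, LOCAL_LOG])
    print("implied local offset from UTC:", offset)
    print("local log in UTC:", to_utc_iso(*LOCAL_LOG, offset))
```

Normalising every source to UTC before building an incident timeline avoids mistaking a zone difference for a gap between events.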
