
Time Stamp Inconsistencies


Eddie

Received an email alert earlier this morning stating:

Quote

Emsisoft identified the following threat:

Detected object: F:\Dell T5600\Storage controller\setup.exe
Workspace: XXX
Device: XYQ
User: someone

Detected by: Behavior Blocker
Type: Startup
Performed action: Excluded, Unknown, Blocked by community

Timestamp: 2020-02-14T23:42:35.000Z

Component: Behavior Blocker

Action:   Detection

When I checked with the user, he said that he downloaded a driver from the Dell Site and saved it on a stick, but has not yet run it.

Looking at the info in the cloud console under details I am getting this:

Quote

Component: Behavior Blocker

Action:   Detection

15/02/2020, 10:42:35 am
Behavior Blocker event

Looking at the log file on the pc in question it says:

Quote

2/15/2020 10:42:35 AM
Behavior Blocker detected suspicious behavior "AutorunCreation" of F:\Dell T5600\Storage controller\setup.exe (SHA1: 40960AD68F192522E7474AF47C9744FC35CBE977)


 

There are two things not clear to me:

a) Detection - what has happened subsequent to the detection -  the file is not quarantined and I believe it was allowed to run as it has been saved to the stick. So what did the behaviour blocker actually do?

b) Why are timestamps inconsistent? The email alert I received came through almost immediately but the time listed in the timestamp is way out. Is this based on a server setting in Germany?

cheers

Eddie

 

 


@Eddie Timestamps: the "2020-02-14T23:42:35.000Z" looks to me as if it is saying 23:42 Z(ulu), i.e. GMT, which might well be the same as 10:42 /pm/ in a nearby (or the same) place if there's a one hour difference from GMT in local time.

But your "10:42" timestamps show /am/. It would help to know where in the world you are, and where in the world the client pc is.

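The three timestamps quoted in this thread can be compared by normalising them to one clock. The following is an added example, not part of the original posts or of Emsisoft's software; it assumes all three records describe the same event and that a valid local offset lies between UTC-12 and UTC+14 on a quarter-hour boundary.

```python
from datetime import datetime, timedelta, timezone

# Timestamps exactly as quoted in the thread.
EMAIL_ALERT = "2020-02-14T23:42:35.000Z"   # e-mail alert: ISO 8601, 'Z' means UTC
CONSOLE = "15/02/2020, 10:42:35 am"        # cloud console: day-first, no zone
LOCAL_LOG = "2/15/2020 10:42:35 AM"        # log on the PC: month-first, no zone


def parse_utc(text):
    """Parse an ISO 8601 timestamp ending in 'Z' into an aware UTC datetime."""
    naive = datetime.strptime(text, "%Y-%m-%dT%H:%M:%S.%fZ")
    return naive.replace(tzinfo=timezone.utc)


def parse_wall_clock(text, day_first):
    """Parse a 12-hour wall-clock string that carries no zone (naive result)."""
    fmt = "%d/%m/%Y, %I:%M:%S %p" if day_first else "%m/%d/%Y %I:%M:%S %p"
    return datetime.strptime(text, fmt)


def implied_offset(utc_dt, wall_dt):
    """Return the UTC offset that makes wall_dt the same instant as utc_dt.

    Returns None when no plausible offset fits, which points to a different
    event or a skewed clock rather than a time-zone difference.
    """
    delta = wall_dt - utc_dt.replace(tzinfo=None)
    in_range = timedelta(hours=-12) <= delta <= timedelta(hours=14)
    on_quarter_hour = delta.total_seconds() % 900 == 0
    return delta if in_range and on_quarter_hour else None


def reconcile():
    """Compare the three quoted records and report how they relate."""
    utc = parse_utc(EMAIL_ALERT)
    console = parse_wall_clock(CONSOLE, day_first=True)
    log = parse_wall_clock(LOCAL_LOG, day_first=False)
    offset = implied_offset(utc, log)
    same_instant = False
    if offset is not None:
        # Attach the implied zone to the local log time and convert to UTC.
        same_instant = log.replace(tzinfo=timezone(offset)).astimezone(timezone.utc) == utc
    return {"console_matches_log": console == log, "offset": offset, "same_instant": same_instant}


if __name__ == "__main__":
    print(reconcile())
```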
