- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
06-25-2015 12:51 PM
Troubleshooting what I think is a false positive but the Detailed Log View (under Threats monitoring) only shows the filename and not its full location on the HD of the machine. Is there any way to find out the full location?
06-26-2015 12:11 AM
Data filtering log.
Click on magnifying glass and bottom right there is url column where you can see full url.
06-26-2015 08:23 AM
Thanks for the reply. Do you mean the magnifying glass that brings up the "Detailed Log View?" Its URL column only indicates "setup.exe" in this example, and not the full disk path. I wonder if that's available anywhere?
06-26-2015 08:45 AM
Yes
It depends on application.
Go and browse the web.
Download some pdf or doc from internet for example.
Go and find log entry for this file.
And you should see referer link there.
If not then copy ip of other side and paste it to URL filtering log.
Probably as destination. For example
( addr.dst in 194.106.121.19 )
06-26-2015 08:48 AM
In this case, it is *originating* from an internal machine to another, and the only URL listed is the filename without its fixed disk location. I am guessing the filename + the originating machine is as much information as it will have since that info isn't on the network info without some sort of agent on the originating machine. I'm trying to find out where on that originating machine it is located.
06-26-2015 08:53 AM
So it is SMB traffic (Windows file share)?
06-26-2015 08:54 AM
Yes, it's SMB traffic. Whoops forgot to mention that.
06-26-2015 10:30 PM
I doubt that you see UNC path anywhere.
For example you can't block traffic based on UNC path Dynamic Block Lists and UNC Server Path
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!