Checked the logs and found that the SW is blocking the same Trojan almost once every hour or more. There are just hundreds of the same one. I can see which workstation/internal IP address is involved. The workstations IP is the Source virtually everytime. The WAN destination is always in the same IP which is 205.185.216.42 except for a few that ended 205.185.216.10. The alert is "Gateway Anti-Virus Alert: KingSoft.D_4 (Trojan) blocked"
The only constantly running software on that machine that might be constantly talking to the internet even while idle is the Fedex and UPS software since this is the companys shipping computer.
That workstation does not appear to be infected with anything.
Any ideas.
Thanks
Adam
No comments:
Post a Comment