Forum Discussion

Contonso
Level 4
12 years ago

Question about attachments

Hi there,

Our virus scanner detected an infected file in one of the EV_CVT_Temp_ folders. This file was moved immediately to the quarantine by the scanner software. If I am correct, these CVT_Temp folders are used for archiving as well as for manual archiving.

My question is whether I have any chance to find out which of our users archived this infected file. I checked all available EV logs but could not find any username or file.

Is there probably a chance to find out something in the EV DBs? Unfortunately we are not using Journaling.

EV version is 10.01 and we are running Exchange 2010.

Regards

  • Hi,

    thanks for the reply. We are using Symantec Endpoint Protection and it detected the file as a Trojan.Gen.

    It is the folder EV_CVT_Temp_2.

    Regards

  • Okay that's a super-generic detection, as I said, it's not a virus.  I'd bet good money on it.

    Where is that folder located? The full path I mean.

  • The Full path is: C:\Users\evltadmin\AppData\Local\Temp\EV_CVT_Temp_2

  • Okay, well %temp% for the Vault Service Account should be excluded from AV scanning.