Wilders Security Forums  

  #1  
January 26th, 2012, 05:18 PM
Reedmikel
Regular Poster
Join Date: Dec 2011
Posts: 184
EAV 4.2 BE: how to find the original date/time stamp of a quarantined file?

Is there any way to find out the "Last Modified" date and time info for a file that has been quarantined by NOD32? This is invaluable information, as it tells us when the malicious file was written to disk. Plus, we would like to check the user's browser history to see what web site may have infected them. We have special tools that allow us to view IE and Firefox browser history logs...
  #2  
January 27th, 2012, 12:17 AM
Marcos
Eset Moderator
Join Date: Nov 2002
Posts: 14,193
Re: EAV 4.2 BE: how to find the original date/time stamp of a quarantined file?

This information is not available as the original malicious file is removed and a new one is created in an encrypted form in quarantine. Since malware often modifies the timestamp to hide in the system and make finding it more difficult, I, for one, don't see any practical use of storing timestamps.
  #3  
January 27th, 2012, 06:34 AM
Reedmikel
Regular Poster
Join Date: Dec 2011
Posts: 184
Re: EAV 4.2 BE: how to find the original date/time stamp of a quarantined file?

Real world experience for us has been quite different, Marcos. We frequently are able to associate the time stamp of a malicious file with a user's browser history - and then determine what web site caused the infection. We then BLOCK that site so that other users do not get infected. So I strongly encourage you to rethink this feature request...
  #4  
January 27th, 2012, 07:57 AM
Reedmikel
Regular Poster
Join Date: Dec 2011
Posts: 184
Re: EAV 4.2 BE: how to find the original date/time stamp of a quarantined file?

Marcos, also keep in mind that the date/time stamp would be just ONE MORE piece of forensic evidence that your software could provide to those of us that have to protect hundreds or thousands of machines. I am sure you see the wisdom in being able to determine what web site infected a machine by comparing the malicious file's creation time versus the user's browser history, then quickly blocking the infected website so that our entire MSP client base is immediately protected against this strain of malware. That is being HUGELY PROACTIVE. Even if this date/time info only helped us in 10% of malware issues, that is significant!

Hey you other MSPs - how about letting ESET know you also would like this feature added...
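
The timestamp-to-history correlation described in posts #3 and #4, as an added example that is not part of the original thread and not an ESET tool. It assumes the file's last-modified time was captured as a Windows FILETIME before quarantine and that the history is a copy of Firefox's `places.sqlite`; the function names, the 5-minute window and the sample data are constructed for illustration. Because malware can alter timestamps, as post #2 notes, a match is a lead to verify rather than proof.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
EPOCH_1970 = datetime(1970, 1, 1, tzinfo=timezone.utc)
US = timedelta(microseconds=1)

def from_filetime(ft):
    """Windows FILETIME: 100 ns ticks since 1601-01-01 UTC (NTFS timestamps)."""
    return EPOCH_1601 + timedelta(microseconds=ft // 10)

def from_prtime(us):
    """Firefox PRTime: microseconds since 1970-01-01 UTC (moz_historyvisits.visit_date)."""
    return EPOCH_1970 + timedelta(microseconds=us)

def visits_before(conn, file_time, window=timedelta(minutes=5)):
    """Visits in the window leading up to file_time, closest first,
    as (seconds_before_file_write, url) tuples."""
    hi = (file_time - EPOCH_1970) // US
    lo = hi - window // US
    rows = conn.execute(
        "SELECT v.visit_date, p.url FROM moz_historyvisits v "
        "JOIN moz_places p ON p.id = v.place_id "
        "WHERE v.visit_date BETWEEN ? AND ? ORDER BY v.visit_date DESC",
        (lo, hi))
    return [((file_time - from_prtime(ts)).total_seconds(), url) for ts, url in rows]

def build_sample():
    """Constructed data: an in-memory stand-in for places.sqlite and a file timestamp."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE moz_places(id INTEGER PRIMARY KEY, url TEXT);"
        "CREATE TABLE moz_historyvisits(id INTEGER PRIMARY KEY,"
        " place_id INTEGER, visit_date INTEGER);")
    written = datetime(2012, 1, 26, 15, 0, 0, tzinfo=timezone.utc)
    # (url, seconds relative to the file's last-modified time)
    visits = [("http://news.example/", -1800), ("http://ads.example/banner", -40),
              ("http://landing.example/dl", -12), ("http://mail.example/", 90)]
    for i, (url, offset) in enumerate(visits, 1):
        ts = (written + timedelta(seconds=offset) - EPOCH_1970) // US
        conn.execute("INSERT INTO moz_places VALUES (?, ?)", (i, url))
        conn.execute("INSERT INTO moz_historyvisits VALUES (?, ?, ?)", (i, i, ts))
    return conn, ((written - EPOCH_1601) // US) * 10   # timestamp as FILETIME

if __name__ == "__main__":
    conn, filetime = build_sample()
    for secs, url in visits_before(conn, from_filetime(filetime)):
        print(f"{secs:6.0f} s before write  {url}")
```

Visits after the file's timestamp and visits older than the window are excluded, so only the pages loaded just before the file was written are listed as candidates for blocking.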
  #5  
January 27th, 2012, 07:59 AM
Reedmikel
Regular Poster
Join Date: Dec 2011
Posts: 184
Re: EAV 4.2 BE: how to find the original date/time stamp of a quarantined file?

Marcos - does this web site have any way to vote on feature requests? Or do users have to subscribe to this thread and post their remarks? A voting system would be extremely helpful for ESET in determining what the most requested features are...