remote admin console displays NT Authority\system as user in threat log

Hi Everyone

This is my first time posting to this forum. Any help would be appreciated with my situation:

I am running ESET along with the remote administrator console on about 100 clients in a private school. Operating system is Windows XP Professional SP2 or higher and Windows Server 2003.

In the remote administrator console, under threat log tab, users are being listed as NT AUTHORITY\SYSTEM. Is there any way actual domain usernames can be displayed instead? Right now we are having problems with viruses being spread around on memory sticks and no way to trace whose memory sticks are infected with the viruses.

Thanks

 

Couldn't it be that the threats were found during a scheduled on-demand scan or a startup scan? If they were found by real-time protection, the current user should have been listed instead of the system account.

 

Which brings me to another question. When a user plugs a memory stick or flashdrive into the computer, and ESET performs a scan, shouldn't the user be listed instead of the system account?

 

The USB stick isn't scanned when it's plugged in. Files are scanned as they are accessed.

 

Then is there any way we can do an automatic scan of memory sticks when they are plugged in? Right now we have the following viruses being spread around:
Win32/Peerfrag.GW worm
INF/Autorun virus
IRC/SdBot trojan

once in a while, the actual user is shown in the threat log. The other 97% of the time, the user is shown as NT AUTHORITY\SYSTEM. Is there any setting in ESET to force it to show actual user names for all threats?

 

No. However, the threats should be cleaned upon access or execution.

The threats must have been detected by other than the real-time or on-demand scanner which are actually run in the account of the current user. If possible, post here the complete relevant record from the threat log.

 

Column Name Value
Threat Id Threat 3013
Client Name Lib51504a
Computer Name Lib51504a
MAC Address
Primary Server
Date Received 2011-03-21 11:54:26
Date Occurred 2011-03-21 11:51:51
Level Critical Warning
Scanner Real-time file system protection
Object file
Name D:\Autorun.inf
Threat INF/Autorun virus
Action unable to clean
User NT AUTHORITY\SYSTEM
Information Event occurred during an attempt to access the file by the application: C:\WINDOWS\system32\svchost.exe.
Details Ready

 

A friend suggested I make up a batch file to automatically initialize a full ESET scan of memory sticks when they are plugged into the USB drive and implement it via group policy in Server 2003. Does anyone have experience with this?