Sureshkumaar
asked on
Security Alerts
Hi
We have got the below alert in our server monitoring:
New Account Name (HelpAssistant_eefebe) has been added and deleted within 1 hour of Time frame on server. I am unable to trace anything on the server. Please help me by giving more information about this and also on how to avoid this in the future.
Thanks in advance
Suresh Techy.
Hi Suresh, what tool do you use to monitor your network? Is this Symantec Enterprise Security Manager?
HelpAssistant is the default Windows account name, and eefebe should be your computer name. This account is a default; you don't have to do anything on it. Let it be.
You need to exclude/suppress this account not for this alert...
ASKER
Hi Murali
Monitoring is being done by another team who are specialists in ISMS, and the computer name is not eefebe. Could I get more details on this? I googled and found no info that is satisfying.
What are help assistants used for? Why should it create and delete the user IDs on its own?
Sureshtechy.
Hi Suresh, actually I can tell you how this alert has been thrown by your security monitoring system.
These security monitoring systems will record the system state every time; typically these are called snapshots, and they will have a schedule running every day or every week. When it runs initially, it captures all security settings of the machine like users, groups, membership, local security policy, etc.
When the next schedule runs, it captures and compares with the previous snapshot. Whatever difference is found, based on category like users or security policy, it will assign the criticality and throw the alert.
At this point of time you can tell your security team that this is a default Windows account; no account has been created. It has been there from the time Windows was installed, so exclude this user from the check.
And also you question them back: why are you alerting me on this? Because it has been there for a long time, why is the security system alerting me about it now? Is it not something wrong from their end?
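As an added example (not part of the thread and not any monitoring product's code), the Python below correlates account-created and account-deleted records to reproduce the alert's "added and deleted within 1 hour" condition and to show which account made each change. It assumes records exported from the Windows Security log with event IDs 4720 and 4726 (624 and 630 on Windows Server 2003 and earlier); the sample events, the `svc_backup` and `admin1` names, and the function name are constructed for illustration.

```python
from datetime import datetime, timedelta

CREATED, DELETED = 4720, 4726   # Security log: user account created / deleted
WINDOW = timedelta(hours=1)     # the alert's "within 1 hour" time frame

# Constructed sample records (not taken from the thread):
# (time, event ID, target account, account that performed the change)
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:05", 4720, "HelpAssistant_eefebe", "SYSTEM"),
    ("2024-01-10T09:12:40", 4720, "svc_backup", "admin1"),
    ("2024-01-10T09:41:17", 4726, "HelpAssistant_eefebe", "SYSTEM"),
    ("2024-01-10T13:30:00", 4726, "svc_backup", "admin1"),
]


def short_lived_accounts(events, window=WINDOW, suppress_prefixes=()):
    """Return (account, created_at, deleted_at, creator, deleter) for every
    account deleted within `window` of its creation.

    Names starting with a suppressed prefix are skipped. Suppressing by name
    also hides any other account that carries the same prefix.
    """
    pending = {}  # lower-cased account name -> (created_at, creator)
    hits = []
    for stamp, event_id, account, actor in sorted(events):
        when = datetime.fromisoformat(stamp)
        key = account.lower()  # Windows account names are case-insensitive
        if any(key.startswith(p.lower()) for p in suppress_prefixes):
            continue
        if event_id == CREATED:
            pending[key] = (when, actor)
        elif event_id == DELETED and key in pending:
            created_at, creator = pending.pop(key)
            if when - created_at <= window:
                hits.append((account, created_at, when, creator, actor))
    return hits


if __name__ == "__main__":
    for account, created, deleted, creator, deleter in short_lived_accounts(SAMPLE_EVENTS):
        print(f"{account}: created {created} by {creator}, "
              f"deleted {deleted} by {deleter} (lifetime {deleted - created})")
```

The creator and deleter fields are what the monitoring team needs in order to decide whether an exclusion is justified, since a scheduled snapshot comparison alone only shows that the account list changed.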