How to find if a user attempted to run a software on a network

Hi

We have Windows 7 and a Windows 2012 DC.
Our antivirus software console has sent an alert email to me which gives the following details. I know the user and the PC name from the alert email.
Is there a way to find out whether the user tried to run this software on our network PCs, or whether he just tried to use the USB stick to copy files and the antivirus detected the software as a Trojan and sent an alert to me?

Machine name
User name
Scan date
Software version
ThreatDB version

Threat: Trojan.win32.generic
Category:Trojan
Severity:high risk
Action:quarantined

Traces found

archive: d:\password reveal
(1).zip|app\iepv.exe


Any help much appreciated

Thanks
Asked by: lianne143

Seth Simmons, Sr. Systems Administrator, commented:
The file it is in is (1).zip, so probably the zip file was written there and the A/V picked it up during real-time scanning.
0
andreas, System Admin, commented:
But regardless of whether the user tried to run it or not, this kind of software should in any case be kept out of a company network.
Normally you cannot tell from the AV log whether the scanner just stumbled on it while listing the directory or because the user tried to open the file. Any access to the file will trigger the scan, even file access caused by the Windows system.

Additionally, you can try to turn on AppLocker auditing for that PC (see here: https://technet.microsoft.com/en-us/library/dd723693%28v=ws.10%29.aspx) and see what the user tries to run in future.
Normally this isn't on by default. Furthermore, note that in some countries this kind of monitoring might be illegal and violate privacy rights.
0
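
The AppLocker auditing suggested in the comment above only helps if someone reads the resulting event log. The following is an added example, not part of the original thread, that pulls those events for one PC and one user. The computer name, account name and file name fragment are placeholders to be filled in from the alert email, and it assumes AppLocker rules are already deployed in "Audit only" mode.

```powershell
# Added example: list AppLocker events for one PC and one user.
# Assumes AppLocker rules are in "Audit only" mode and the Application
# Identity service (AppIDSvc) is running on the target PC.
# Run from a machine with PowerShell 3.0 or later (e.g. the 2012 server).
$Computer = 'PC-NAME-FROM-ALERT'   # placeholder: machine name from the AV alert
$Account  = 'DOMAIN\username'      # placeholder: user name from the AV alert
$Pattern  = 'iepv'                 # file name fragment from the alert trace

# Resolve the account to a SID, because the event record stores the SID.
$sid = (New-Object System.Security.Principal.NTAccount($Account)).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value

# 8002 = allowed, 8003 = audit only (would have been blocked), 8004 = blocked
$filter = @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL'
    Id      = 8002, 8003, 8004
}

Get-WinEvent -ComputerName $Computer -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.UserId -and $_.UserId.Value -eq $sid } |
    ForEach-Object {
        # File details live in the UserData/RuleAndFileData part of the event XML.
        $data = ([xml]$_.ToXml()).Event.UserData.RuleAndFileData
        [pscustomobject]@{
            Time     = $_.TimeCreated
            EventId  = $_.Id
            FilePath = $data.FilePath
            FileHash = $data.FileHash
        }
    } |
    Where-Object { $_.FilePath -like "*$Pattern*" } |
    Sort-Object Time |
    Format-Table -AutoSize
```

An empty result means no matching execution attempt was logged since auditing was turned on; it says nothing about what happened before that. Remote queries also need the Remote Event Log Management firewall rules enabled on the target PC.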

Danny Child, IT Manager, commented:
If your users have *rights* to do installs or use USBs, then it's only a matter of time before Bad Things happen.  We use Lumension End Point protection for the latter, and you can block the former with user rights.
0