sunhux
Where do Outlook email attachments get saved temporarily: malware alert of attachment being opened
User claimed he clicked on an email attachment for the AV alert below (his PC is Internet segregated), but I have doubts: would an email attachment save under ...windowscommunicationapps... ?
Threat location: C:\Users\johnnyr\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\1\Attachments\File[14327].doc
Threat name: Trojan.W97M.POWLOAD.SMAF3
You should look at filtering that vendors offer, maybe your ISP that does your email has it for you, unless you are routing mail directly and have the problem of also being an open relay, they should block the message before it gets to the user to avoid this, as you don't want malware to spread in your environment.
ASKER
>filtering that vendors offer, maybe your ISP that does your email has it for you
Even the best filtering level of O365, i.e. E5 (as well as ProofPoint), still misses quite
a number of such phishing/spam emails.
We have 2 layers of filtering already: one by O365 & one by another email
security product & these mails still get through (though most of them are filtered
away).
For this particular user's case, when we interrogate him, he would only say he
forwarded his personal email to corporate mailbox & he has deleted it away
(thus we could not investigate/verify his claim), thus based on the folder that
I gave above, I'm trying to verify if it's truly from an email's attachment.
ASKER CERTIFIED SOLUTION
That and your AV has found it there, the proof is in the pudding so to say.
Regards
Alex