Where do Outlook email attachments get saved temporarily: malware alert of attachment being opened

sunhux
The user claimed he clicked on an email attachment for the AV alert below (his PC is Internet segregated), but I have doubts: would an email attachment be saved under ...windowscommunicationapps... ?

Threat location: C:\Users\johnnyr\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\1\Attachments\File[14327].doc
Threat name: Trojan.W97M.POWLOAD.SMAF3
Alex
A lack of information provides a lack of a decent solution.

Commented:
Malware will save to anyplace it can and where it thinks it'll get some further access. So yes, that's entirely plausible.

That and your AV has found it there, the proof is in the pudding so to say.

Regards
Alex
Edward van Biljon, Messaging and Collaboration Technical Lead (Exchange MVP & MCT)

Commented:
You should look at filtering that vendors offer; maybe your ISP that does your email has it for you. Unless you are routing mail directly and have the problem of also being an open relay, they should block the message before it gets to the user to avoid this, as you don't want malware to spread in your environment.

Author

Commented:
>filtering that vendors offer, maybe your ISP that does your email has it for you
Even the best filtering level of O365, i.e. E5 (as well as ProofPoint), still misses quite
a number of such phishing/spam emails.

We have 2 layers of filtering already: one by O365 & one by another email
security product & these mails still get through (though most of them are filtered
away).

For this particular user's case, when we interrogate him, he would only say he
forwarded his personal email to corporate mailbox & he has deleted it away
(thus we could not investigate/verify his claim), thus based on the folder that
I gave above, I'm trying to verify if it's truly from an email's attachment.
Alex
A lack of information provides a lack of a decent solution.
Commented:
Firstly, "interrogating" your staff isn't the best way forward; take on board that he's almost certainly telling you the truth and it was a mistake. I'd recommend further training to this user in the correct way to be utilising his company equipment and also refer him to your IT Policies and Procedures so he can better inform himself for what is acceptable. Forwarding personal email is certainly not one of them.
Regards
Alex
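
One way to triage the "Threat location" from the alert above, as an added example that is not part of the original thread. It assumes standard Windows layouts that the thread does not state: `microsoft.windowscommunicationsapps` is the package of the built-in Windows Mail and Calendar app, and desktop Outlook opens attachments from an `INetCache\Content.Outlook` folder. The function name and the two extra sample paths are constructed.

```python
from pathlib import PureWindowsPath

# Assumption (not from the thread): package name of the built-in Windows
# Mail and Calendar app, which keeps synced attachments in its LocalState.
UWP_MAIL_PACKAGE = "microsoft.windowscommunicationsapps"
# Assumption: desktop Outlook's temp folder for opened attachments.
OUTLOOK_TEMP_DIR = "content.outlook"


def classify_threat_path(threat_location: str) -> dict:
    """Map an AV 'Threat location' to the mail client cache it sits in."""
    parts = PureWindowsPath(threat_location).parts
    dirs = [p.lower() for p in parts[:-1]]  # directories only, no filename
    result = {
        "user": None,
        "client": "unknown",
        "is_attachment_cache": False,
        "file": parts[-1] if parts else None,
    }
    # C:\Users\<profile>\... tells us whose profile holds the file.
    if "users" in dirs and dirs.index("users") + 1 < len(dirs):
        result["user"] = parts[dirs.index("users") + 1]
    # UWP app data lives in AppData\Local\Packages\<Name>_<PublisherId>\...
    if "packages" in dirs and dirs.index("packages") + 1 < len(dirs):
        family = dirs[dirs.index("packages") + 1]
        name, _, _publisher_id = family.rpartition("_")
        if name == UWP_MAIL_PACKAGE:
            result["client"] = "Windows Mail app (UWP)"
            # Only the Attachments subfolder holds mail attachments.
            result["is_attachment_cache"] = "attachments" in dirs
            return result
    if OUTLOOK_TEMP_DIR in dirs:
        result["client"] = "Outlook desktop"
        result["is_attachment_cache"] = True
    return result


# Path copied from the alert in the question.
ALERT_PATH = (r"C:\Users\johnnyr\AppData\Local\Packages"
              r"\microsoft.windowscommunicationsapps_8wekyb3d8bbwe"
              r"\LocalState\Files\S0\1\Attachments\File[14327].doc")
# Constructed comparison paths.
OUTLOOK_PATH = (r"C:\Users\alice\AppData\Local\Microsoft\Windows"
                r"\INetCache\Content.Outlook\AB12CD34\invoice.doc")
OTHER_PATH = r"C:\Users\alice\Downloads\invoice.doc"

if __name__ == "__main__":
    for p in (ALERT_PATH, OUTLOOK_PATH, OTHER_PATH):
        print(classify_threat_path(p))
```

A result naming the Windows Mail app means the file arrived through a mail account configured in that app, which is a separate store from the desktop Outlook cache and worth checking on the PC even if the message itself was deleted.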
