asked on

where do outlook email attachmt get saved temporarily: malware alert of attachmt being opened

user claimed he clicked on email attachmt
for the AV alert below (his PC is Internet segregated) but I hv doubt: wud an email attachmt save under ...windowscommunicationapps... ?

Threat location: C:\Users\johnnyr\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\1\Attachments\File[14327].doc
Threat name: Trojan.W97M.POWLOAD.SMAF3

Alex

Malware will save to anyplace it can and where it thinks it'll get some further access. So yes, that's entirely plausible.

That and your AV has found it there, the proof is in the pudding so to say.

Regards
Alex

Edward van Biljon (MVP)

You should look at filtering that vendors offer, maybe your ISP that does your email has it for you, unless you are routing mail directly and have the problem of also being an open relay, they should block the message before it gets to the user to avoid this as you dont want malware to spread in your environment.

sunhux

ASKER

>filtering that vendors offer, maybe your ISP that does your email has it for you
Even the best filtering level of O365 ie E5 (as well as ProofPoint) still misses quite
a number of such phishing/spam emails,.

We have 2 layers of filtering already: one by O365 & one by another email
security product & these mails still get through (tho most of them are filtered
away).

For this particular user's case, when we interrogate him, he would only say he
forwarded his personal email to corporate mailbox & he has deleted it away
(thus we could not investigate/verify his claim), thus based on the folder that
I gave above, I'm trying to verify it it's truly from an email's attachment

ASKER CERTIFIED SOLUTION

Alex

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial