I have four of these Intrusion events showing in the SEP security log on my Exchange server, 2 on 6/8 and 2 on 6/10. The full description is:
[SID: 32350] System Infected: Trojan.Trickybot Activity 15 attack blocked. Traffic has been blocked for this application: SYSTEM
The direction field shows "Outgoing." This server does a full scan every night and virus definitions are current.
I checked the aspnet_client folder and there are no rogue files found there. I'm also seeing numerous Information items in the SEP System log like this:
[SONAR detection Submission] File submitted to Symantec. File : 'c:\windows\system32\wscript.exe', Size (bytes): 5855.
I'm stumped as to whether this server is infected or not. What do I need to do?
Thanks,
Deb