If you have any item shown in this tab, it means that the listed computers has been compromised and been manipulated to join in an attack of some remote or local sites. A compromised machine like this is called a botnet. A botnet consumes the network bandwidth dramatically and it generally has the following characteristics to be recognized as a botnet:
When a botnet is recognized by Capsa, you should first look up its IP address and save its relating packets, and then cut the machines off the network immediately. Then do a full virus scan on the computer to remove the malware from the it. When you are pretty sure the malware has been removed, you can connect it back to the network but you still keep an eye on its traffic for a while to make sure the threats have been removed completely.
All the compromised computers will be recognized against their default threshold values, you can customize these values to let Capsa find out the problems more accurately in your network, read Security Analysis Settings for details.
|
Back |
| Copyright © 2001 - 2011 Colasoft. All rights reserved. |