Vircom Portal - Security - Outbound Virus

Created by Yves Lacombe, Modified on Thu, 23 Sep 2021 at 04:32 PM by Yves Lacombe

Text of the alert:


1 outbound virus(es) caught for exampledomain.com between 08/26/2021 03:00 and 08/26/2021 04:00 Eastern Daylight Time



Meaning:


We detected at least one message from a sender at your domain that was caught as a virus on its way out, during the time window given in the alert.



Importance:


It is vitally important to take immediate action. If someone is sending out viruses that are getting caught outbound by Proofpoint, it implies that you may have a compromised workstation on your network that needs to be shut down immediately.


Because Proofpoint only records the egress IP (for example, that of your O365 tenant or, if on-prem, your Exchange server), you should check the mail flow logs on Office 365 (or Exchange) to find where the message actually originated and which machine is affected.


At least the messages are getting caught by Proofpoint if you're getting this alert!
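
One way to run the mail flow log check described above on an on-prem Exchange server. This is an added example, not part of the original article or of Vircom's or Proofpoint's tooling. It assumes the Exchange Management Shell, the domain and time window from the sample alert, and a shell whose local time zone matches the alert's.

```powershell
# Added example. Domain and window come from the sample alert text;
# times are read in the shell's local time zone (assumed Eastern here).
$domain = 'exampledomain.com'
$start  = Get-Date '2021-08-26 03:00'
$end    = Get-Date '2021-08-26 04:00'

# Pull RECEIVE events from every transport server for the alert window,
# then keep only messages whose sender is in the alerted domain.
$events = Get-TransportService |
    Get-MessageTrackingLog -Start $start -End $end -EventId RECEIVE -ResultSize Unlimited |
    Where-Object { $_.Sender -like "*@$domain" }

# Summarise by submitting host. For mail submitted over SMTP (Source = SMTP)
# ClientIp is the connecting host; for mailbox submissions (Source = STOREDRIVER)
# use the Sender column to identify the account instead.
$events |
    Group-Object ClientIp, ClientHostname, Source |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ Name = 'Senders'; Expression = { ($_.Group.Sender | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize -Wrap

# Per-message detail for the same window, oldest first, to match against
# the workstation or account you are about to isolate.
$events |
    Sort-Object Timestamp |
    Select-Object Timestamp, ClientIp, ClientHostname, Source, Sender, MessageSubject, MessageId |
    Format-Table -AutoSize -Wrap
```

A host or account that stands out in the summary for that hour is the first candidate for the compromised workstation.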