Word Docs missing on the server!
I have a client with a Windows 2019 server, all updates have been taken. Approximately 35 Windows 10, Office365 workstations. Last Wednesday my client reported to me that several Word documents were missing from a particular folder. I was told that a user may have deleted them. We have redundant backup (on-site-Synology and cloud-CrashPlan) in addition to Volume Shadow Copy enabled. Not thinking that nothing was strange since TrendMicro Business Services hadn’t detected anything in the logs, I copied the missing files from the shadow copy (Monday 12pm copy, missing from Tuesday 7am copy). On Thursday, the client tells me that there are missing Word documents in other files. These Word Docs are 4 different which are used for all their customer data files found in this type of structure F: Cases CustomerName …
F: Cases ClientName WordDoc1.DOC
F: Cases ClientName WordDoc2.DOC
F: Cases ClientName WordDoc3.DOC
F: Cases ClientName WordDoc4.DOC
These missing documents were originally created with a template and are copied and edited as needed in each F: Cases CustomerName folder.
I don’t mean to confuse and hope I explain the problem. To resolve the issues, I ran a full virus scan on the server and all workstations with Trend Micro and Norton Power Eraser on multiple workstations.
It looks like these files were moved or deleted between 07/19/12 and 07/20/07 at 7:00 am and I can’t figure out what caused this or how. I turned on auditing and selected deleted files on the server so that I can see if there are any files deleted in the future that were inadvertently deleted.
Looking for any suggestions and what else I can try to be able to pinpoint the cause of this (macro virus?) Problem and minimize the likelihood of it continuing or repeating itself. Thank you.
Edited by Chris Cosgrove, Jul 31, 2021 – 5:50 PM.
Moved from General Security to Windows Server