We have a computer server in our company that’s running on Windows Server 2003. And lately, it has been detecting a lot of infections in the system itself. It wasn’t infections that came from internet or network since we’re pretty confident of our anti-virus program. (Symantec Antivirus). But, we suspect that one of our IT team members is the one responsible for this infection. We suspect he’s plugging in an infected removable drive/USB device and disabling the anti-virus system so that he can download/upload his files on our system (we suspect him to be doing some unprofessional things, but since he’s an IT too, he knows how to remove history logs). We’re wondering if there’s a way to trace recent computer activity on our server. Besides using the Event Viewer from Windows Computer Management Console. Any suggestions?
