ATP reports connection to botnet

A Sophos XG with version SFOS 17.5.15 MR-15 reports a daily communication attempt with a botnet or "command-and-control" server. However, the same happens with a Sophos XG on the current version 18.

There are connections to blog.alexmaccaw.com, which originate from Windows servers as well as clients. According to entries on the Internet, this site belongs to a blogger and is classified as "Normal = Green". A dedicated call of this page by users does not occur; it seems to be an issue in the Microsoft operating system or a specific application.

Does the community know anything about this and is it possible to create a suitable whitelist for the blog.alexmaccaw.com website in the ATP?

  • Hello Kay,

    Thank you for contacting the Sophos Community.

    Would it be possible for you to show us the alert and what SID, if any, is triggering?

    You can add the domain under Protect >> Advanced Threat >> Advanced Threat Protection >> Threat Exception.

    Regards,

  • Hello Emmanuel,
    Thank you very much for your answer. The background of the call must be in the HPE Data Protector application. We have configured the exception and are continuing to search at the Windows or application level.
    With kind regards
    Kay Werrmann
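An added triage helper, not from this thread or from Sophos: given exported ATP events, it groups hits on the flagged domain by source host and checks whether the cadence is near-constant, which separates a scheduled application beacon (as with the backup agent identified above) from ad-hoc user browsing and tells you which host to inspect before adding a Threat Exception. The log fields, hostnames and timestamps are constructed and do not follow the real Sophos log format.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample events (not the Sophos ATP log format; fields are assumptions):
# timestamp, source host, destination domain, action
EVENTS = """
2020-06-01T03:14:07 srv-backup01 blog.alexmaccaw.com drop
2020-06-02T03:14:11 srv-backup01 blog.alexmaccaw.com drop
2020-06-03T03:14:05 srv-backup01 blog.alexmaccaw.com drop
2020-06-01T08:02:40 ws-kay blog.alexmaccaw.com drop
2020-06-02T08:03:01 ws-kay blog.alexmaccaw.com drop
2020-06-03T08:02:55 ws-kay blog.alexmaccaw.com drop
2020-06-02T14:37:22 ws-guest example-news.invalid drop
"""


def parse_events(text):
    """Parse whitespace-separated event lines into (datetime, host, domain, action)."""
    events = []
    for line in text.strip().splitlines():
        ts, host, domain, action = line.split()
        events.append((datetime.fromisoformat(ts), host, domain, action))
    return events


def beacon_summary(events, domain, tolerance_s=600):
    """For one flagged domain, report per source host how many hits occurred,
    the median gap between hits, and whether every gap is within tolerance_s
    of that median (a near-constant interval points to a scheduled process)."""
    by_host = defaultdict(list)
    for ts, host, dom, _ in events:
        if dom == domain:
            by_host[host].append(ts)
    summary = {}
    for host, times in by_host.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(gaps) < 2:  # too few hits to judge cadence
            summary[host] = {"hits": len(times), "periodic": False, "median_gap_s": None}
            continue
        med = median(gaps)
        periodic = all(abs(g - med) <= tolerance_s for g in gaps)
        summary[host] = {"hits": len(times), "periodic": periodic, "median_gap_s": med}
    return summary


if __name__ == "__main__":
    for host, info in beacon_summary(parse_events(EVENTS), "blog.alexmaccaw.com").items():
        print(host, info)
```

Hosts flagged as periodic with a gap of about 86400 s are the ones to check for a scheduled job or agent; hosts with irregular hits deserve a closer look before the domain is excepted.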