Sophos Firewall

Discussions FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt

Sophos Firewall requires membership for participation - click to join

Thread Info

State Not Answered
Locked Locked
Replies 3 replies
Subscribers 27 subscribers
Views 914 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt

Mizan Mizan over 3 years ago

I am getting the following message on my Sophos IPS Log.

FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt

I am unable to understand What can I do about this message. Please guide me about this issue

This thread was automatically locked due to age.

Top Replies

Mizan Mizan over 3 years ago in reply to BAlfson +1

2022-03-01 15:03:47IPSmessageid="07002" log_type="IDP" log_component="Signatures" log_subtype="Drop" ips_policy="" ips_policy_id="1" fw_rule_id="15" user="192.168.6.30" sig_id="58124" message="FILE-OFFICE…

Parents

0 BAlfson over 3 years ago

Hi and welcome to the UTM Community!

Please copy here the complete line from the log. If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51. That lets us see immediately which IPs are local and which are identical.

.Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 Mizan Mizan over 3 years ago in reply to BAlfson

2022-03-01 15:03:47IPSmessageid="07002" log_type="IDP" log_component="Signatures" log_subtype="Drop" ips_policy="" ips_policy_id="1" fw_rule_id="15" user="192.168.6.30" sig_id="58124" message="FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt" classification="Attempted User Privilege Gain" rule_priority="1" src_ip="192.168.5.9" src_country="R1" dst_ip="192.168.6.30" dst_country="R1" protocol="TCP" src_port="110" dst_port="65353" OS="Windows" category="file-office" victim="Client"
Cancel
Vote Up +1 Vote Down

Cancel

Reply

0 Mizan Mizan over 3 years ago in reply to BAlfson

2022-03-01 15:03:47IPSmessageid="07002" log_type="IDP" log_component="Signatures" log_subtype="Drop" ips_policy="" ips_policy_id="1" fw_rule_id="15" user="192.168.6.30" sig_id="58124" message="FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt" classification="Attempted User Privilege Gain" rule_priority="1" src_ip="192.168.5.9" src_country="R1" dst_ip="192.168.6.30" dst_country="R1" protocol="TCP" src_port="110" dst_port="65353" OS="Windows" category="file-office" victim="Client"
Cancel
Vote Up +1 Vote Down

Cancel

Children

0 BAlfson over 3 years ago in reply to Mizan Mizan

Moving this to the Sophos Firewall community

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel

Share Feedback

×

Submitted a Tech Support Case lately from the Support Portal?