Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 916 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt

Mizan Mizan

I am getting the following message on my Sophos IPS Log.

FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt

I am unable to understand What can I do about this message. Please guide me about this issue



This thread was automatically locked due to age.
Parents
  • 0

    Hi and welcome to the UTM Community!

    Please copy here the complete line from the log.  If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51.  That lets us see immediately which IPs are local and which are identical.

    .Cheers - Bob

  • 0 in reply to BAlfson

    2022-03-01 15:03:47IPSmessageid="07002" log_type="IDP" log_component="Signatures" log_subtype="Drop" ips_policy="" ips_policy_id="1" fw_rule_id="15" user="192.168.6.30" sig_id="58124" message="FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt" classification="Attempted User Privilege Gain" rule_priority="1" src_ip="192.168.5.9" src_country="R1" dst_ip="192.168.6.30" dst_country="R1" protocol="TCP" src_port="110" dst_port="65353" OS="Windows" category="file-office" victim="Client" 

  • 0 in reply to Mizan Mizan

    Moving this to the Sophos Firewall community

    Cheers - Bob

Reply Children
No Data