XG450 Advanced Threat Protection - C2/Generic-A - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - False Postive Alarm?

Question

Hello, 
 we are using : Sophos XG450 (SFOS 18.5.1) 
 During the last 2 weeks we recceived the following Security Warnings on 2 different Computers: 
 Was ist passiert: Ein Computer hat sch&auml;dliche Daten versandt. Das l&auml;sst darauf schlie&szlig;en, dass er mit einem Remote-Computer kommuniziert und m&ouml;glicherweise sch&auml;dliche Daten an diesen sendet oder Auftr&auml;ge erh&auml;lt. 
 Pfad: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 
 Was wurde erkannt: C2/Generic-C 
 
 Threat URL : 62.0.58.94 belongs to "CELLCOM NOC team" (located in Israel) 
 The computers have isolated so far, but we weren't abe to find any virus on the computers. 
 I'm not sure if this is an false positive alarm ? 
 Had/Has anyone the same issue? 
 
 Thanks for response

TheBastian · Answer

This is the default DNS sinkhole (spoofed DNS reply) of a Checkpoint Feature called Malware DNS Trap 
 https://supportcenter.checkpoint.com/supportcenter/portal?solutionid=sk74060 
 A good reason to block this IP-Address

XG450 Advanced Threat Protection -> C2/Generic-A -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - False Postive Alarm?

Top Replies