This discussion has been locked.

First ATP Reported

I noticed yesterday that our firewall had reported this anomaly coming from our mail server. The destination IP is simply an open DNS I added to the DNS setting on the device, but this also occurs on the other entries as well. Why would it report this?

 



  • Just out of curiosity, are the source devices Macs? I am noticing the same here and cannot find a good reason for these events.

  • They are not Macs, it is a VM Exchange Server. After some troubleshooting, I discovered the primary anti-malware software that is monitored through a 3rd party had expired. Upon relicensing, we found 3 trojans in one of our staff's Outlook archives that they saved under their account. I thought for sure this must be the culprit of these logs, and once the 3 viruses were cleaned and disinfected my ATP count remained constant after one day, but today I noticed 6 more attempts. Still looking into it.
