First ATP Reported

Seeing the same on my newly deployed SG reporting the host was an all in one (exchange server)

Any idea?

Looks to me like a false positive. Anyone know what threat feed the XG use? If we can track down the source maybe we can fix (or confirm, or limit the scope of) the issue/impact.

I don't mind an email from my appliance with a false positive, but I'd like to be able to tune it so I don't keep getting the same false positives after investigation.

Looks to me like a false positive. Anyone know what threat feed the XG use? If we can track down the source maybe we can fix (or confirm, or limit the scope of) the issue/impact.

I don't mind an email from my appliance with a false positive, but I'd like to be able to tune it so I don't keep getting the same false positives after investigation.

FYI for those following the thread: This should be resolved now. You should probably contact Sophos if you're still experiencing this error for this specific URL.

When was it resolved? Last log was 12-28-2017 @ 3.10PM EST.

Sometime this morning. Keep an eye out for new alerts but you shouldn't see any more.