[9.192-8] False positives on C2/Generic-A?

hi,

I started using endpoint protection/advanced thread protetion during this beta, so I'm posting it here.

On a regular basis I get the following mail alert from UTM

-------------------------------
Details about the alert:

Threat name....: C2/Generic-A
Details........: C2/Generic-A - Viruses and Spyware - Web Threat, Virus and Spyware Detection and Removal | Sophos - Threat Center - Cloud Antivirus, Endpoint, UTM, Encryption, Mobile, DLP, Server, Web, Wireless Security, Network Storage and Next-Gen Firewall Solutio
Time...........: 2014-01-27 14:46:15
Traffic blocked: yes

Internal source IP address or host: 192.168.1.10
-------------------------------

The dashboard reports this:

User/Host Threat Name Destination Events Origin
1 192.168.1.10 C2/Generic-A 4pda.ru 2 DNS

I did a full scan of the mentioned machine and all other machines using Sophos Virus Removal Tool, but no issues are found. On the machine itself the endpoint protection isn't installed (it's a domain controller and hyper-v server).

Franc.

Parents

0 gband over 10 years ago

Hello. I updated to 9.201-25 from 9.111 and the next day I received a few alerts (4 alerts) for C2/Generic-A coming from my internal DNS servers. I scanned the systems with boot-cd, and also with the latest Windows Malicious Software Removal Tool. Nothing was found.
So, what is going on? Are these alerts real and why they can't be detected?
Regards
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 gband over 10 years ago

Hello. I updated to 9.201-25 from 9.111 and the next day I received a few alerts (4 alerts) for C2/Generic-A coming from my internal DNS servers. I scanned the systems with boot-cd, and also with the latest Windows Malicious Software Removal Tool. Nothing was found.
So, what is going on? Are these alerts real and why they can't be detected?
Regards
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data