Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 3607 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Advanced Threat Protection Detection

AaronSalkeld1

I have purchased a Changhong 40inch iSmart TV to be used outside. Once I connected this TV to my network, the Advanced Threat Protection detected a threat. Which turned out to be my TV.

The threat name is C2/Zbot-A. 

I have factory reset the TV but am unable to upgrade the firmware as this isnt an updated version.

So I am thinking this is a fault postive. Should I add this device as an exception or just leave it and reset the ATP every now and then?

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    Hi Aaron,

    C2/Zbot-A is the threat name associated with the command and control (C&C) servers used by members of the Zbot malware family. Zbot is a Trojan horse malware package that runs on versions of Microsoft Windows.

    ATP works in conjunction with Web Protection and IPS to provide advance protection. Hence, the detection might have occurred as a capture from any of the two module detection.  Skipping a detected threat is not recommended as it exposes infected computers to the command and control servers that hackers use to potentially take control of the computer and access your network. If you are sure it's a false positive catch, you can add it into the exception.

    Thanks

Reply
  • 0

    Hi Aaron,

    C2/Zbot-A is the threat name associated with the command and control (C&C) servers used by members of the Zbot malware family. Zbot is a Trojan horse malware package that runs on versions of Microsoft Windows.

    ATP works in conjunction with Web Protection and IPS to provide advance protection. Hence, the detection might have occurred as a capture from any of the two module detection.  Skipping a detected threat is not recommended as it exposes infected computers to the command and control servers that hackers use to potentially take control of the computer and access your network. If you are sure it's a false positive catch, you can add it into the exception.

    Thanks

Children
No Data