This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Advanced Threat Protection Ziel 34.102.222.207

Hallo zusammen,

wir bekommen seit gestern aus mitllerweilen 3 verschiedenen Lokationen sporadisch Advanced Threat Protection Meldungen einzelner Windows Rechner für die Ziel IP 34.102.222.207.

Laut Virustotal.com wird die IP als Malicious eingestuft. Weitere uns bekannte Möglichkeiten zum Check der IP bringen keine auffälligen Rückmeldungen. Laut Auszug handelt es sich um eine Google Domain.

Da wir in der Vergangenheit viele "False Positiv" Meldungen hatten, hier die Frage ob ggf. bei anderen Installationen auch Meldungen mit der IP kamen?

Beste Grüße

OLG

This thread was automatically locked due to age.

Parents

0 Clint Westemeyer over 4 years ago

Hello from the US! Same issue here, handful of people causing multiple ATP alerts for traffic going to 34.102.222.207. IP owned by Google with no malicious reports that I can find, so I need to know if this is truly false positive so we can create an exception. Sophos, is this an incorrect false positive?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 4 years ago in reply to Clint Westemeyer

Hi Clint and welcome to the UTM Community!

Here in the US, anyone with a paid license can open a ticket with Sophos Support: https://secure2.sophos.com/en-us/support/open-a-support-case/describe-issue.aspx.

Please let us know what Support says.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 Clint Westemeyer over 4 years ago in reply to BAlfson

Will do! Thanks Bob!
Cancel
Vote Up 0 Vote Down

Cancel
0 Clint Westemeyer over 4 years ago in reply to BAlfson

Alright this is what I got back from Sophos support:

“Thank you for contacting Sophos Technical Support.

I have checked the reputation of this IP on virustotal and cyren and found that the IP is not fully ok [please see images below]

As google has Ads running while you browse this can be one of those IPs from google which is associated with their ad section.

However, this IP looks malicious externally therefore I highly recommend you to please run a virus scan on the PCs which are showing you the ATP alert.

If I get any updated information on this from Sophos end will let you know.

Your cooperation in this regard is highly appreciated.“
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Clint Westemeyer over 4 years ago in reply to BAlfson

Alright this is what I got back from Sophos support:

“Thank you for contacting Sophos Technical Support.

I have checked the reputation of this IP on virustotal and cyren and found that the IP is not fully ok [please see images below]

As google has Ads running while you browse this can be one of those IPs from google which is associated with their ad section.

However, this IP looks malicious externally therefore I highly recommend you to please run a virus scan on the PCs which are showing you the ATP alert.

If I get any updated information on this from Sophos end will let you know.

Your cooperation in this regard is highly appreciated.“
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Michael Kuhn over 4 years ago in reply to Clint Westemeyer

Doesn't seems to be the best reponse.

We checked our Computer for those Virus. But anyway. There are many of Users which are having this Problem. Seems to be a global thing.

Have you ckecked your host for virus?

Regards Michael
Cancel
Vote Up 0 Vote Down

Cancel
0 Clint Westemeyer over 4 years ago in reply to Michael Kuhn

We had our techs run some virus/malware scans on two of the machines generating these ATP alerts, they found zero issues on both machines. So far today though with everyone back in the office we have not seen any new Sophos ATP alerts yet so if it was tied to a Google ad maybe Google shut it down? Oh well, hopefully its resolved now.

Clint
Cancel
Vote Up 0 Vote Down

Cancel