This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Advanced Threat Protection triggering on sophosproductupdate.com

Today we have started receiving ATP alerts for DNS requests to the domain sophosproductupdate.com. I haven't been able to verify that this domain is owned by Sophos. Can anyone confirm this is a false positive?

Our DNS servers trying to resolve the listed domain are what has been triggering ATP. Our environment details are below.

Hardware: UTM sg430, sg135, sg105

Firmware: v9.702-1

This thread was automatically locked due to age.

0 FloSupport over 5 years ago

Hi D_Valinske

Sophos is investigating further. More information to come.

Regards,

Florentino
Director, Global Community & Digital Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the 'Verify Answer' button.

The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 Shaun Turner over 5 years ago

Also an issue on XGs. See https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/119949/xg-firewalls-connected-to-sfm-were-no-longer-able-to-connect-or-synchronize-to-sfm---notice-the-following-change-on-the-settings/435831#435831
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 5 years ago

Hmmm, that's a domain registered on 2020-03-27, just four weeks ago by GoDaddy and their name server resolves those FQDNs to 127.0.0.1. I think I would virus scan the machines causing those alerts. Please let us know what you find.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel