Advanced Threat Protection triggering on sophosproductupdate.com

Today we have started receiving ATP alerts for DNS requests to the domain sophosproductupdate.com. I haven't been able to verify that this domain is owned by Sophos. Can anyone confirm this is a false positive?

Our DNS servers trying to resolve the listed domain are what has been triggering ATP. Our environment details are below.

Hardware: UTM sg430, sg135, sg105

Firmware: v9.702-1



This thread was automatically locked due to age.
  • Hmmm, that's a domain registered on 2020-03-27, just four weeks ago by GoDaddy and their name server resolves those FQDNs to 127.0.0.1.  I think I would virus scan the machines causing those alerts.  Please let us know what you find.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
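
The two checks in the reply above (how recently the domain was registered, and whether its answers point at loopback) can be scripted for triage. This is an added example, not part of the original thread; the 90-day threshold, the observation date, and the function name are assumptions, and the registration date and answers must be supplied from your own WHOIS and DNS lookups.

```python
from datetime import date
from ipaddress import ip_address

NEW_DOMAIN_DAYS = 90  # assumed threshold for "recently registered"


def triage_domain(registered, answers, today, max_age_days=NEW_DOMAIN_DAYS):
    """Return the reasons a domain seen in an ATP/DNS alert deserves a closer look.

    registered: registration date taken from WHOIS
    answers:    address records returned for the queried FQDN, as strings
    today:      date the alert was observed
    """
    reasons = []
    age = (today - registered).days
    if age < 0:
        reasons.append("registration date is in the future (check WHOIS data)")
    elif age < max_age_days:
        reasons.append(f"registered {age} days ago")

    if not answers:
        reasons.append("no address records returned")
    for raw in answers:
        try:
            addr = ip_address(raw)
        except ValueError:
            reasons.append(f"unparseable answer {raw!r}")
            continue
        # Loopback and unspecified are tested first: both also count as
        # "private" in the ipaddress module and would otherwise be mislabelled.
        if addr.is_loopback:
            reasons.append(f"{raw} is loopback")
        elif addr.is_unspecified:
            reasons.append(f"{raw} is the unspecified address")
        elif addr.is_private:
            reasons.append(f"{raw} is private address space")
    return reasons


if __name__ == "__main__":
    # Values from the thread; the observation date is assumed to be four weeks
    # after the stated registration date.
    for reason in triage_domain(date(2020, 3, 27), ["127.0.0.1"], date(2020, 4, 24)):
        print("sophosproductupdate.com:", reason)
```

An empty list means neither heuristic fired; it does not establish who owns the domain.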