Hi All,
First time poster and newbie to Sophos.
I've installed Sophos Home edition a little over a week ago and I've noticed a pattern that I can't figure out. One of my hosts (teenage son's PC) is the source of >80% of packets dropped. Granted this is a gamer kid so I've had to implement a few exceptions to get his rig setup however I can't figure out why there are over 68k packets.
I'm attaching what the packet filter violations graph look like for yesterday as an example. That whole period is that one host dropping packets.
Looking at the log for yesterday, I can see there are over 68k packets being dropped all with srcport=49622. The strange thing is that often these paclets are destined for dstip of an internal IP range. I'm on a 192.168.1.X and these are dstip range of 192.168.2.X or 10.X.X.X range. Some are destined for public IPs but a large number seem to target a private IP range.
All of the other 38+ hosts are behaving but this one PC is causing all of this activity.
Is this something I should be concerned about? I ran an AV scan with AVG CloudCare and Sophos as well as Malwarebytes and all came back clean. Not sure if this normal or not. Appreciate any insight you might have.
This thread was automatically locked due to age.
