Today I got these warnings in the ATP log:
2015:04:01-18:39:39 myfirewall named[4635]: rpz: client 192.168.x.x#54270 (fllibano.sytes.net): view default: rpz QNAME PASSTHRU rewrite fllibano.sytes.net via fllibano.sytes.net.rpz
2015:04:01-21:56:57 myfirewall named[4635]: rpz: client 192.168.x.x#54338 (fllibano.sytes.net): view default: rpz QNAME NXDOMAIN rewrite fllibano.sytes.net via fllibano.sytes.net.rpz
2015:04:01-21:56:57 myfirewall named[4635]: rpz: client 10.242.x.x#56714 (fllibano.sytes.net): view default: rpz QNAME NXDOMAIN rewrite fllibano.sytes.net via c.rpz
The first two entries are related to my DC domain; the third entry is my home PC on VPN, while I was looking at the log files (very strange, don't you think?). How can I investigate if it is a false positive? This is the description ATP got in the email notification: C2/Generic-A - Viruses and Spyware - Web Threat, Virus and Spyware Detection and Removal | Sophos - Threat Center - Cloud Antivirus, Endpoint, UTM, Encryption, Mobile, DLP, Server, Web, Wireless Security, Network Storage and Next-Gen Firewall Solutio
Thanks
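One way to triage log lines like the ones quoted above, as an added example that is not part of the original post: it parses the `named` RPZ rewrite lines and reports, per queried name, which clients asked and which of them received an unmodified answer. The function names are hypothetical; the sample input is the three lines from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# The three log lines quoted in the post (client addresses are masked there).
SAMPLE = """\
2015:04:01-18:39:39 myfirewall named[4635]: rpz: client 192.168.x.x#54270 (fllibano.sytes.net): view default: rpz QNAME PASSTHRU rewrite fllibano.sytes.net via fllibano.sytes.net.rpz
2015:04:01-21:56:57 myfirewall named[4635]: rpz: client 192.168.x.x#54338 (fllibano.sytes.net): view default: rpz QNAME NXDOMAIN rewrite fllibano.sytes.net via fllibano.sytes.net.rpz
2015:04:01-21:56:57 myfirewall named[4635]: rpz: client 10.242.x.x#56714 (fllibano.sytes.net): view default: rpz QNAME NXDOMAIN rewrite fllibano.sytes.net via c.rpz
"""

RPZ_LINE = re.compile(
    r"^(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (?P<host>\S+) named\[\d+\]: "
    r"rpz: client (?P<client>[^#\s]+)#(?P<port>\d+) \((?P<qname>[^)]+)\): "
    r"view (?P<view>\S+): rpz (?P<trigger>\S+) (?P<action>\S+) "
    r"rewrite (?P<rewritten>\S+) via (?P<via>\S+)$"
)

def parse_rpz(text):
    """Yield one dict per RPZ rewrite line; any other line is skipped."""
    for line in text.splitlines():
        m = RPZ_LINE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y:%m:%d-%H:%M:%S")
            yield rec

def triage(text):
    """Per queried name: clients seen, first/last hit, and the clients whose
    query hit BIND's PASSTHRU action (answer left unmodified) instead of being
    rewritten to NXDOMAIN. Those are the hosts to examine first."""
    out = defaultdict(lambda: {"clients": set(), "passthru": set(),
                               "first": None, "last": None})
    for r in parse_rpz(text):
        s = out[r["qname"].lower().rstrip(".")]
        s["clients"].add(r["client"])
        if r["action"] == "PASSTHRU":
            s["passthru"].add(r["client"])
        s["first"] = min(s["first"] or r["ts"], r["ts"])
        s["last"] = max(s["last"] or r["ts"], r["ts"])
    return dict(out)

if __name__ == "__main__":
    for name, s in triage(SAMPLE).items():
        print(name, sorted(s["clients"]), "passthru:", sorted(s["passthru"]),
              s["first"], "->", s["last"])
```

Run against the full log instead of the sample, the per-client first and last timestamps show whether the lookups repeat on a schedule or only coincide with someone viewing the log.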