Intrusion Prevention Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: BROWSER-IE Microsoft Internet Explorer EPM MOTWCreateFileW file access bypass attempt
Details........: www.snort.org/search
Time...........: 2015-10-24 15:16:32
Packet dropped.: yes
Priority.......: high
Classification.: Potential Corporate Privacy Violation
IP protocol....: 6 (TCP)
Source IP address: 69.28.184.47 (https-69-28-184-47.lga.llnw.net)
Source port: 80 (http)
Destination IP address: 10.1.50.100
Destination port: 56012
--
HA Status : HA MASTER (node id: 2)
System Uptime : 4 days 11 hours 8 minutes
System Load : 0.10
System Version : Sophos UTM 9.350-12
Please refer to the manual for detailed instructions.
After doing some research it points to a bug in IE which a patch was released for back in February, 2015. I've verified that all of my internal PC's have received that patch so I'm thinking that this might be a false positive. I'm thinking this is just Internet Explorer trying to phone home or something (like version checking for updates). Has this been happening to anyone else?
This thread was automatically locked due to age.
