ATP detection

Hi all

 

  I found an ATP alert on my firewall, but I have no idea how to fix it. 

  2016:11:08-10:56:56 firewall named[4770]: rpz: client 192.168.36.23#55902 (www.anroam.com): view default: rpz QNAME NXDOMAIN rewrite www.anroam.com via www.anroam.com.rpz

192.168.36.23 is our Domain Controller (win server 2003).
There is no alert from our Symantec Endpoint and Sophos Virus Removal Tool.

Thanks all.

Cato



This thread was automatically locked due to age.
  • Since it is your DC which may perhaps also function as a DNS-server for your internal clients, it can very well be that a client computer wanted to reach a DNS name that triggers this. Since in the end the DNS-server will be the one that tries to resolve the name on the internet, the source will be the DNS-server.

    Maybe you can check in the DNS-log which client originally requested the hostname and then check that client.


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
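
The log check suggested in the reply above can be scripted. This is an added example, not part of the original thread: it takes the blocked name from the firewall's RPZ line and searches a DNS debug log from the DC for the client that first asked for it. It assumes DNS debug logging is enabled on the DC and that the log uses the line layout shown; the sample log lines, the client IPs and the forwarder IP are constructed.

```python
import re

# RPZ line from the original post (firewall side).
RPZ_LINE = ("2016:11:08-10:56:56 firewall named[4770]: rpz: client 192.168.36.23#55902 "
            "(www.anroam.com): view default: rpz QNAME NXDOMAIN rewrite "
            "www.anroam.com via www.anroam.com.rpz")

# Constructed sample in the assumed Windows DNS debug-log layout.
# Client IPs 192.168.36.57/.71 and forwarder 192.168.36.1 are made up.
DNS_DEBUG_LOG = """\
11/8/2016 10:56:54 AM 0A34 PACKET  0000000002A1B2C0 UDP Rcv 192.168.36.71   3f1a   Q [0001   D   NOERROR] A      (3)www(9)microsoft(3)com(0)
11/8/2016 10:56:55 AM 0A34 PACKET  0000000002A1B7E0 UDP Rcv 192.168.36.57   8c3f   Q [0001   D   NOERROR] A      (3)www(6)anroam(3)com(0)
11/8/2016 10:56:55 AM 0A34 PACKET  0000000002A1C100 UDP Snd 192.168.36.1    a41d   Q [0001   D   NOERROR] A      (3)www(6)anroam(3)com(0)
11/8/2016 10:56:56 AM 0A34 PACKET  0000000002A1C100 UDP Rcv 192.168.36.1    a41d R Q [8383   DR NXDOMAIN] A      (3)www(6)anroam(3)com(0)
11/8/2016 10:56:56 AM 0A34 PACKET  0000000002A1B7E0 UDP Snd 192.168.36.57   8c3f R Q [8383   DR NXDOMAIN] A      (3)www(6)anroam(3)com(0)
"""

RPZ_RE = re.compile(r"rpz: client (\S+)#\d+ \(([^)]+)\)")
PACKET_RE = re.compile(
    r"^(?P<ts>.+?)\s+\S+\s+PACKET\s+\S+\s+(?:UDP|TCP)\s+(?P<dir>Rcv|Snd)\s+(?P<ip>\S+)"
    r"\s+\S+\s+(?P<resp>R\s+)?Q\s+\[.*?\]\s+\S+\s+(?P<name>\(.*\))\s*$")


def originating_clients(rpz_line, debug_log):
    """Return (resolver_ip, blocked_name, [(timestamp, client_ip)]) for the RPZ hit."""
    m = RPZ_RE.search(rpz_line)
    if not m:
        raise ValueError("not an rpz log line")
    resolver_ip, blocked = m.group(1), m.group(2).lower()
    hits = []
    for line in debug_log.splitlines():
        p = PACKET_RE.match(line)
        # Only queries received by the DNS server; skip sends and responses.
        if not p or p["dir"] != "Rcv" or p["resp"]:
            continue
        # (3)www(6)anroam(3)com(0) -> www.anroam.com
        qname = re.sub(r"\(\d+\)", ".", p["name"]).strip(".").lower()
        if qname == blocked and p["ip"] != resolver_ip:
            hits.append((p["ts"], p["ip"]))
    return resolver_ip, blocked, hits


if __name__ == "__main__":
    resolver, name, hits = originating_clients(RPZ_LINE, DNS_DEBUG_LOG)
    print(f"{name} was forwarded by {resolver}; originally requested by:")
    for ts, ip in hits:
        print(f"  {ip} at {ts}")
```

If the list comes back empty, the lookup originated on the DNS server itself, so the DC is the host to examine.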
