
C2/Generic-A AFCD

Hi guys,

Since this morning I have received 9 C2/Generic-A AFCD alerts with a description that says systemverification-apple.com.

Both hosts are our DNS servers and the ATP log shows this:

2017:05:11-08:57:53 securitysrv1-1 afcd[29503]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="10.0.10.10" dstip="8.8.8.8" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="systemverification-apple.com" url="-" action="drop"

Does anyone else see this? Or is this just a false alarm?

Thanks



  • Hi Aresh,

    If you have public IPs, "Any" or "Internet" listed under Network Services > DNS > Global > Allowed Networks, then change it to "Internal network". Alongside, a C2/Generic detection usually indicates an already installed virus. You have the source IP of the machine in the logs; do a full virus scan on the system to verify whether the system is infected and take the necessary steps to clean it.

    Finally, do you have a DNS server defined in the Network Protection | Intrusion Prevention | Advanced | DNS server tab? In order to increase performance and minimize the amount of false positive alerts, you can specify your internal servers that are protected by the IPS.

    Cheers-

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Hi sachingurung,

    Both locations that you named are correctly configured. I have already run the Sophos Virus Removal Tool and could not find any virus.

    I will enable DNS debug logging to see if something shows up there.

    Thanks
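The afcd line quoted in the first post is a key="value" record, and the replies point out that the srcip in it is the internal resolver, not the client that asked for the name. The following added example (not from the thread or from Sophos) parses such lines, keeps only ATP drops with a threat name, counts them per threat/host/source, and flags hits whose srcip is one of the internal DNS servers so the analyst knows to look in the resolver's query log for the real client. The sample lines and the INTERNAL_DNS set are constructed for the demo.

```python
import re
import shlex
from collections import Counter

# Constructed sample in the Sophos UTM afcd log format from the thread: the first
# line is the one quoted in the post, the other two are made up for the demo.
SAMPLE_LOG = """\
2017:05:11-08:57:53 securitysrv1-1 afcd[29503]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="10.0.10.10" dstip="8.8.8.8" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="systemverification-apple.com" url="-" action="drop"
2017:05:11-09:02:11 securitysrv1-1 afcd[29503]: id="2022" severity="warn" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" srcip="10.0.10.11" dstip="8.8.4.4" fwrule="63001" proto="17" threatname="C2/Generic-A" status="1" host="systemverification-apple.com" url="-" action="drop"
2017:05:11-09:05:40 securitysrv1-1 afcd[29503]: id="2022" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" srcip="10.0.20.5" dstip="93.184.216.34" fwrule="1" proto="6" threatname="-" status="0" host="-" url="-" action="accept"
"""

# Internal resolvers (constructed). A hit sourced from one of these only tells
# you that the resolver forwarded a query; the asking client is in its own logs.
INTERNAL_DNS = {"10.0.10.10", "10.0.10.11"}

HEADER_RE = re.compile(r'^(?P<ts>\S+) (?P<device>\S+) (?P<proc>\w+)\[(?P<pid>\d+)\]: (?P<rest>.*)$')

def parse_afcd_line(line):
    """Parse one afcd log line into a dict; return None for non-afcd lines."""
    m = HEADER_RE.match(line.strip())
    if not m or m.group("proc") != "afcd":
        return None
    rec = {"ts": m.group("ts"), "device": m.group("device")}
    # shlex strips the quotes and keeps spaces inside values such as name="..."
    for token in shlex.split(m.group("rest")):
        key, _, value = token.partition("=")
        rec[key] = value
    return rec

def atp_hits(log_text):
    """Keep only dropped packets that carry a real threatname."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_afcd_line(line)
        if rec and rec.get("action") == "drop" and rec.get("threatname", "-") != "-":
            hits.append(rec)
    return hits

def summarize(hits, internal_dns=INTERNAL_DNS):
    """Count hits per (threatname, host, srcip); flag resolver-sourced ones."""
    counts = Counter((h["threatname"], h["host"], h["srcip"]) for h in hits)
    return [
        {"threatname": t, "host": host, "srcip": ip, "count": n,
         # True: srcip is a forwarder, so the real client must come from DNS query logs
         "needs_dns_query_log": ip in internal_dns}
        for (t, host, ip), n in sorted(counts.items())
    ]
```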