C2/Generic-A AFCd

I'm having multiple UTMs reporting a C2/Generic-A from IP address 45.33.9.234. I have scanned every server/PC that it is being reported on, and there is never anything there. I believe this is a false positive, and I cannot get Sophos to help me out on this one. I've been hung up on twice, and all the support reps can tell me is that the PCs are infected and that there's nothing they can do before hanging up.

Hi, Bethany, and welcome to the UTM Community!

It's interesting that this is on port 80. Are you running Web Filtering in Transparent mode? If so, then try the following experiment:

1. Create a Web Filtering Profile in Standard mode for an IP being reported.
2. Change the Proxy settings on that device to point at the UTM on port 8080.
3. At the next block of that IP, check the Web Filtering log at that time to see if there's anything that corresponds.

What did you see?

Cheers - Bob
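Step 3 of the experiment above is a timestamp correlation: for each ATP block of the client, find the proxy requests that client made within a few seconds. The following is an added example (not from the thread or from Sophos) that automates that check over constructed log lines in an assumed "timestamp kind key=value" layout, which is not the real UTM syslog format; only the C2 destination address comes from the thread.

```python
from datetime import datetime, timedelta

# Constructed sample lines (assumed layout, not UTM's real log format).
# The destination 45.33.9.234 is the address reported in the thread.
ATP_LOG = """\
2015-06-01 10:02:13 atp src=192.168.1.50 dst=45.33.9.234 dport=80 threat=C2/Generic-A
2015-06-01 11:45:02 atp src=192.168.1.77 dst=45.33.9.234 dport=80 threat=C2/Generic-A
"""
WEB_LOG = """\
2015-06-01 10:02:12 http srcip=192.168.1.50 url=http://host-a.example/update.xml
2015-06-01 10:30:00 http srcip=192.168.1.50 url=http://host-a.example/
2015-06-01 11:44:59 http srcip=192.168.1.77 url=http://host-b.example/feed
"""


def parse(line):
    """Split 'YYYY-MM-DD HH:MM:SS kind k=v k=v ...' into (time, kind, fields)."""
    date, clock, kind, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S"), kind, fields


def load(text):
    return [parse(l) for l in text.splitlines() if l.strip()]


def correlate(atp_text, web_text, window=5):
    """For each ATP block, list the web-filter requests made by the same client
    within +/- window seconds. An empty list means no proxied request lines up
    with the block, which is the case worth escalating with the vendor."""
    web = load(web_text)
    delta = timedelta(seconds=window)
    result = []
    for when, _, atp in load(atp_text):
        hits = [f["url"] for t, _, f in web
                if f["srcip"] == atp["src"] and abs(t - when) <= delta]
        result.append((atp["src"], atp["dst"], hits))
    return result


if __name__ == "__main__":
    for src, dst, hits in correlate(ATP_LOG, WEB_LOG):
        print(src, "->", dst, "candidate requests:", hits or "none")
```

Run it against the exported ATP and Web Filtering logs for the day of a block; a request that lines up with every block from that client tells you which URL to look at, while no match at all supports the false-positive case.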
