Sophos false alarms (April 2019)

Administrators using Sophos security solutions may have been bothered by a number of false-positive alarms in recent days. This has since been fixed, and the cause is known.



This is just a brief piece of information I have from last week. Admins of Sophos security solutions received the following warning that a threat (security issue) had been discovered on the network:

[CRIT-861] Advanced Threat Protection Alert
Advanced Threat Protection
A threat has been detected in your network The source IP/host listed below was found to communicate with a potentially malicious site outside your company.
Details about the alert:

Threat name....: C2/Generic-A
Details........: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx
Time...........: 2019-04-04 18:49:03


(Source: Sophos)

This weekend I came across this post at administrator.de with a hint about the cause. The whole thing is described in the Sophos forum (Advisory: Sophos UTM – ATP is blocking traffic to Windows Update server (93.184.221.240)). The background was a blocked IP address used by Microsoft Update. Sophos has provided an update, which should be installed. Was anyone affected?
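For admins who get a batch of these mails at once, the dotted key/value block in the alert is easy to parse, and the destination can be checked against a small list of known-good update endpoints before anyone starts isolating domain controllers. The following is an added example, not code from Sophos or from this post: the sample alert is constructed from the excerpt above (the `Destination` line is an assumed extra field, since the excerpt shows only threat name, details URL and time), and the allow-list entry for 93.184.221.240 is taken from the Sophos advisory the post links to.

```python
import re
from datetime import datetime

# Constructed sample in the dotted key/value layout of the Sophos UTM ATP mail.
# The "Destination" line is assumed; the page's excerpt does not show it.
SAMPLE_ALERT = """\
[CRIT-861] Advanced Threat Protection Alert
Advanced Threat Protection
A threat has been detected in your network The source IP/host listed below was found to communicate with a potentially malicious site outside your company.
Details about the alert:

Threat name....: C2/Generic-A
Details........: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx
Time...........: 2019-04-04 18:49:03
Destination....: 93.184.221.240
"""

# Admin-maintained allow-list (assumed). The one entry comes from the Sophos
# advisory cited in the post: this address belongs to Windows Update.
KNOWN_GOOD_DESTINATIONS = {
    "93.184.221.240": "Windows Update server (Sophos advisory, April 2019)",
}

# "Key....: value" lines; at least one dot of padding is required so that
# free-text lines such as "Details about the alert:" are not picked up.
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?)\.+:\s*(?P<value>.*)$")


def parse_alert(text: str) -> dict:
    """Extract the dotted fields of an ATP alert into a dict with snake_case keys."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            key = m.group("key").strip().lower().replace(" ", "_")
            fields[key] = m.group("value").strip()
    if "time" in fields:
        fields["time"] = datetime.strptime(fields["time"], "%Y-%m-%d %H:%M:%S")
    return fields


def triage(fields: dict) -> dict:
    """Decide whether an alert is worth an incident or is a known-good destination."""
    dest = fields.get("destination")
    if dest in KNOWN_GOOD_DESTINATIONS:
        verdict, reason = "likely_false_positive", KNOWN_GOOD_DESTINATIONS[dest]
    else:
        verdict, reason = "investigate", "destination not on the allow-list; treat as a genuine ATP hit"
    return {
        "threat": fields.get("threat_name"),
        "destination": dest,
        "time": fields.get("time"),
        "verdict": verdict,
        "reason": reason,
    }


if __name__ == "__main__":
    result = triage(parse_alert(SAMPLE_ALERT))
    print(f"{result['time']} {result['threat']} -> {result['destination']}: "
          f"{result['verdict']} ({result['reason']})")
```

The allow-list is only a triage aid for the mail flood; the actual fix is the pattern update Sophos shipped, and any entry on such a list should be removed again once the update is confirmed installed, so that real C2 traffic to a reused address is not waved through later.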


One Response to Sophos false alarms (April 2019)

  1. Max says:

    Yep, it hit me too. But in my case only internal servers, mainly DCs, were flagged. I assumed it was a false alarm and carried on with my vacation. ;-)
