
alert "Mal/HTMLGen-A" and beacon is "layla-print.com".

Under alert "Mal/HTMLGen-A", Google Chrome is showing as the root cause and the beacon is "layla-print.com". The user didn't try to access that domain, so how was the alert triggered?



  • Thank you for reaching out to the community forum.

    May we know if the detection only happens once or multiple times? How many systems are currently having this detection?
    Was there a pattern of the detection like every 5 min or so? What application or process does the user access when observing the detection? Was there any script running on the device that calls this URL? You can identify them by using Autoruns.exe by Microsoft.

    Also as per checking in our Intelix UI portal, the website is categorized as suspicious. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer
