Hi guys,
Ever since Saturday's whatever, several clients have been reporting anomalies that include firewall disconnection alerts (which is somewhat acknowledged), but what puzzles me the most are those C2/Generic-C HIGH alerts.
Support just beats around the bush, asking for logs, logs, pings, pings, which gives the sensation that they are just buying time instead of coming forward with something useful.
Does anyone have any info they can share?
Sophos Central event details for CLIENT NAME
What happened: Sophos Firewall has detected malicious traffic: 'C2/Generic-C' at 'C:\Windows\System32\svchost.exe' (Technical support reference: 0)
Where it happened: COMPUTER NAME
Path: C:\program files (x86)\common files\Sophos\web intelligence\swi_fc.exe
What was detected: C2/Generic-C
User associated with the device: USER NAME
Severity: High