
swi_fc.exe connecting to Malicious Domain

On the firewall, a system was detected trying to establish a connection to a Malicious Domain. Further, when drilled down, these were automated web requests.

DOMAIN i tried contacting--> 

Threat - www-x-nanfpump-x-com.img.abc188.com
Category - Malicious Websites
 
Further Investigated and the File involved was 
swi_fc.exe [Path : "c$\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe"]
 
This shows up on FIREWALL & Other End Point Analytics Tool
 
QUESTIONS : 
- Not sure why Web Intelligence Service is involved in generating this traffic?
 
 NOTE : 
- No Events on SOPHOS Dashboard for specific client Virus \ Web Events
- The executable swi_fc.exe on the system I checked against VIRUS TOTAL. It is not infected and shows Clean
- The malicious Domain is accessed over PORT 33 and I have verified the Domain is Malicious against other URL Categorization vendors.
 


This thread was automatically locked due to age.
  • swi_fc.exe is the endpoint process that proxies browser traffic if web control or web protection features are enabled. I.e. Chrome.exe/iexplore.exe etc. talk via loopback to this process and this process makes the outbound connection. So it does make sense that this process is connecting to the site in question.


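Because the firewall attributes the connection to swi_fc.exe rather than to the program that asked for it, the next triage step is to find which local process is handing requests to the proxy. The PowerShell below is an added example, not part of the original thread and not Sophos tooling; it assumes the loopback hop described in the reply is visible in the endpoint's TCP table, and it has to be run while the traffic is occurring.

```powershell
# Added example (not from the thread). Assumption: browsers and other clients
# reach swi_fc.exe over a loopback TCP connection, as the reply describes.
# Run in an elevated PowerShell session on the affected endpoint.

$loopback = '127.0.0.1', '::1'

# PIDs of the Sophos Web Intelligence proxy process
$proxyPids = @(Get-Process -Name 'swi_fc' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Id)
if (-not $proxyPids) { Write-Warning 'swi_fc.exe is not running'; return }

# Snapshot of the TCP table (listeners and established connections)
$conns = Get-NetTCPConnection -ErrorAction SilentlyContinue

# Loopback ports held by swi_fc.exe: its end of each client connection
$proxyPorts = @($conns |
    Where-Object { $_.OwningProcess -in $proxyPids -and $_.LocalAddress -in $loopback } |
    Select-Object -ExpandProperty LocalPort -Unique)

# Client end: any other process connected to one of those loopback ports
$clients = $conns | Where-Object {
    $_.OwningProcess -notin $proxyPids -and
    $_.State -eq 'Established' -and
    $_.RemoteAddress -in $loopback -and
    $_.RemotePort -in $proxyPorts
}

# Resolve client PIDs to process names and image paths
$clients | Group-Object OwningProcess | ForEach-Object {
    $p = Get-Process -Id ([int]$_.Name) -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ClientPid   = [int]$_.Name
        ClientName  = $p.ProcessName
        ClientPath  = $p.Path
        Connections = $_.Count
    }
} | Format-Table -AutoSize

# Outbound side: what swi_fc.exe itself is connected to right now
$conns |
    Where-Object { $_.OwningProcess -in $proxyPids -and $_.RemoteAddress -notin $loopback } |
    Select-Object RemoteAddress, RemotePort, State |
    Sort-Object RemoteAddress, RemotePort -Unique |
    Format-Table -AutoSize
```

Matching the outbound table against the destination and port in the firewall log, then reading the client list from the same snapshot, points to the process that deserves the scan rather than swi_fc.exe itself.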