
swi_fc.exe connecting to Malicious Domain

On the firewall, a system was detected trying to establish a connection to a malicious domain. Further, when drilled down, these were automated web requests.

DOMAIN i tried contacting--> 

Threat - www-x-nanfpump-x-com.img.abc188.com
Category - Malicious Websites
 
Investigated further, and the file involved was:
swi_fc.exe [Path : "c$\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe"]
 
This shows up on FIREWALL & Other End Point Analytics Tool
 
QUESTIONS : 
- Not sure why the Web Intelligence Service is involved in generating this traffic?
 
 NOTE : 
- No events on the Sophos dashboard for the specific client Virus \ Web Events
- I checked the executable swi_fc.exe on the system against VirusTotal. It is not infected and shows clean.
- The malicious domain is accessed over port 33, and I have verified the domain is malicious against other URL categorization vendors.
 

