Today I have been receiving detections for C2/Generic-A on my mac clients the offending process is /usr/libexec/trustd and it is reaching out to IP 104.18.21.226. This IP is owned by cloud flare and hosts alphassl.com so it seems to make sense that the clients would be trying validate SSL certificates agains this host.
Is this something I need to be worried about and pulling these computers, or does this seem more like Sophos mis-categorizing the IP?
This thread was automatically locked due to age.
