
macOS C2/Generic-A Detections

Today I have been receiving detections for C2/Generic-A on my Mac clients. The offending process is /usr/libexec/trustd and it is reaching out to IP 104.18.21.226. This IP is owned by Cloudflare and hosts alphassl.com, so it seems to make sense that the clients would be trying to validate SSL certificates against this host.

Is this something I need to be worried about and pull these computers, or does this seem more like Sophos mis-categorizing the IP?
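As an added triage example (not part of the original post or of any Sophos tooling), the reasoning above turned into a small Python routine: a detection is treated as a probable false positive only when the process is exactly the macOS trust daemon, the destination is a standard web port, and the destination resolves to known CA infrastructure. The reverse-lookup table and the CA domain allowlist are constructed placeholders an analyst would replace with real rDNS/passive-DNS data and their own list; the one real mapping in it is the IP and host quoted in the post.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Apple's trust-evaluation daemon. It fetches intermediate CA certificates
# (AIA) and revocation data (OCSP/CRL), so outbound HTTP/HTTPS from it is normal.
SYSTEM_TRUST_PROCESSES = {"/usr/libexec/trustd"}

# Constructed stand-in for reverse/passive DNS. Only the first entry comes
# from the post; 203.0.113.7 is an RFC 5737 documentation address.
CONSTRUCTED_RDNS = {
    "104.18.21.226": "alphassl.com",
    "203.0.113.7": "unknown-host.invalid",
}

# Hypothetical analyst-maintained allowlist of CA infrastructure domains.
CA_INFRA_DOMAINS = ("alphassl.com", "globalsign.com")


@dataclass(frozen=True)
class Detection:
    process: str   # full path of the process that made the connection
    dest_ip: str
    dest_port: int


def host_for(ip: str) -> Optional[str]:
    ipaddress.ip_address(ip)          # reject malformed input early
    return CONSTRUCTED_RDNS.get(ip)


def in_ca_infra(host: Optional[str]) -> bool:
    if host is None:
        return False
    # Exact match or subdomain of an allowlisted CA domain; never a substring match.
    return any(host == d or host.endswith("." + d) for d in CA_INFRA_DOMAINS)


def triage(det: Detection) -> str:
    """Return 'likely_false_positive', 'verify' or 'escalate'."""
    if det.process not in SYSTEM_TRUST_PROCESSES:
        return "escalate"             # a lookalike path is not the system daemon
    if det.dest_port not in (80, 443):
        return "escalate"             # trustd has no reason to use other ports
    if in_ca_infra(host_for(det.dest_ip)):
        return "likely_false_positive"
    return "verify"                   # right process, unknown destination: check it


def follow_up_checks(det: Detection) -> list:
    """Manual checks before closing a 'likely_false_positive' or 'verify' case."""
    return [f"codesign --verify --strict {det.process}",   # confirm Apple signature
            f"confirm rDNS/passive DNS for {det.dest_ip} independently of the allowlist"]
```

Any "escalate" result, or a trustd binary that fails signature verification, should be treated as a real incident rather than a categorization problem.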


