Can anyone share with me what next step they might take or how they would try to look into the cause of a computer rapidly trying to connect to any particular site. To be specific, Sophos Endpoing Protection has logged and blocked many attempts to several social media websites. What is actually reposible for this? Where would I look for more clues? Below is a screenshot of the events listed within the Endpoint Protection console. While the user in question says they never use their facebook on their work computer, they did also just recently have their facebook and a few other accounts hacked. I believe this is related somehow.
This thread was automatically locked due to age.
