This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Live query for extracting applications that contacted a blocked domain

Hi,

I'm facing a problem as when I query and endpoint that contacted a denied domain, I only get the sophos proxy service swi_fc.exe as the application involved.

Is there a way to extract the original application invoking that ip/domain?
Tks



This thread was automatically locked due to age.
Parents Reply Children
No Data