Hi,
I have a problem with malicious outbound network traffic when used VirtualBox on Windows 10.Show me at every hour High Alerts. When I opens Event details, every time IP address in "Traffic Using This Remote Address" and local port is different.
Hi there, Thank you for reaching us, May we know if you're observing this through our endpoint or firewall level?
I'm observing him on Sophos Endpoint Agent.
Can you share with us the detection? Are you seeing C2-generic detection on the system? is there also a Sophos firewall in your network?
I don't use Sophos Firewall. Each error comes from a different remote IP address.
.
On the device where you get this detection, can you run (Autoruns.exe) which can be downloadable on the Microsoft website? Also was this only observed on a single device or multiple?