This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem with malicious outbound network traffic when used VirtualBox on Windows 10.

Hi,

I have a problem with malicious outbound network traffic when used VirtualBox on Windows 10.
Show me at every hour High Alerts. When I opens Event details, every time IP address in "Traffic Using This Remote Address" and local port is different.

This thread was automatically locked due to age.

0 GlennSen over 2 years ago

Hi there,

Thank you for reaching us, May we know if you're observing this through our endpoint or firewall level?

Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 Асен Асенов over 2 years ago in reply to GlennSen

I'm observing him on Sophos Endpoint Agent.
Cancel
Vote Up 0 Vote Down

Cancel
0 GlennSen over 2 years ago in reply to Асен Асенов

Can you share with us the detection? Are you seeing C2-generic detection on the system? is there also a Sophos firewall in your network?

Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 Асен Асенов over 2 years ago in reply to GlennSen

I don't use Sophos Firewall. Each error comes from a different remote IP address.

.
Cancel
Vote Up 0 Vote Down

Cancel
0 GlennSen over 2 years ago in reply to Асен Асенов

On the device where you get this detection, can you run (Autoruns.exe) which can be downloadable on the Microsoft website? Also was this only observed on a single device or multiple?

Glenn ArchieSeñas (GlennSen)

Global Community Support Engineer

The New Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel