I am getting the error status on 1 or 2 computers each day
"Sophos Firewall detected malicious traffic: 'C2/Generic-C' at 'C:\Windows\System32\svchost.exe' (Technica..."
What is this?
Hey Paul,
Did you find something? We are getting this error on some computers here too. I found the URL which is responsible for the threat: "sync.header.direct".
Is it the same for you?
I'm not that knowledgeable about domains. Is this a safe domain and the Sophos popup wrong?
Kind regards
Marc
Marc,
Haven't found anything yet. Been a little busy. All I do know is I am very disappointed with Sophos Central and all the problems we are having with it. It does not seem to be working at all on about 40% of our machines (either it's giving so many false positives or just not running).
We are truly sorry we purchased this software and 3 years of contract. Seems like it is just a waste of money and we should have gone with a more reliable working solution.
But now we are stuck :-(
Hi Marc,
We are getting the exact same reports as you are across multiple machines, all to the URL "sync.header.direct". It just started out of the blue a week or so ago, and no matter what I try I can't confirm that it is actually malicious and not a false positive.
Have you heard back from Sophos?
Thanks
Steve