Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 13 replies
  • Answers 1 answer
  • Subscribers 8 subscribers
  • Views 27122 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ERROR - "Sophos Firewall detected malicious traffic: 'C2/Generic-C' at 'C:\Windows\System32\svchost.exe' (Technica..."

Paul Dunn

I am getting the error status on 1 or 2 computers each day 

"Sophos Firewall detected malicious traffic: 'C2/Generic-C' at 'C:\Windows\System32\svchost.exe' (Technica..."

What is this?



This thread was automatically locked due to age.
  • 0 in reply to Jiri Hadamek

    We received confirmation from Sophos Support that this was a false positive detection on the domain header.direct. No new alerts should show up after patterns have been updated around 12/29.

  • 0 in reply to Greg CT

    The problem is still current. Both svchost.exe and chrome.exe continue to be recognized as a threat. Elimination only possible by completely uninstalling and reinstalling the client software.

  • 0 in reply to B|Cyber|Security

    Hello Bülent Caliskan1,

    whatever the problem is.
    The C2 prefix indicates, let's put it this way,  questionable network traffic (C2 used to stand for Command&Control). It does not necessarily indicate that the named executable is compromised but it has made or attempted a connection to a certain address or site (usually logged in the MTD log). Like all IPSs MTD/SNTP isn't black and white - a lot depends on actual behaviour and behaviour over time. A reinstall clears the accumulated data and thus naturally it then works again for some time.

    Of course without any details I can't say whether this is an incorrect assessment, a mis-classification of the target site(s) or indeed something that shouldn't be simply disregarded and it might be a good idea to contact Support

    Christian

Unfiltered HTML