
New user - question on active threat frequently detected on iTunes

I'm demoing the Sophos endpoint protection on my iMac (High Sierra) and am a little puzzled by what to do about a threat that keeps coming up. 

Active threat C2/Generic-A detected
/Applications/iTunes.app/Contents/MacOS/iTunes

I use iTunes pretty much exclusively to listen to Internet (streaming) Radio. I'm just not sure what the problem is, how a threat can materialize through a data stream like this, and what to do about it. Can anyone give a bit broader explanation of what's going on here please? 

Thanks.



Hello

If a C2 detection alert has been triggered, this means that the Sophos Endpoint Security and Control product has detected communication with a suspect Command and Control site. As we have only detected the suspicious traffic, it might mean that at the moment of detection we may not have a sample or detection signatures of the malware responsible for the C2 (Command and Control) traffic. More information in the KB below:

C2/Generic Detection Explained

The issue may be a false positive, or if not, it is best not to whitelist, as there could be another aspect to the detection that isn't obviously shown in the message popup you see. Ideally, to review these types of issues, more information is required, such as the SophosDiagnostics logging and any information on the detection that comes up in Sophos Central/SEC. Please raise a support case and send the Ticket Number you receive so we can follow the issue.

Thank You!
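The answer above makes a point that is easy to miss from the popup alone: a C2/Generic-style detection is triggered by traffic, so the path shown in the alert is the process that opened the connection, not necessarily a file that has been identified as malicious. The script below is an added example (it is not Sophos code and not part of this thread) that illustrates that distinction: it correlates constructed connection-log lines with a constructed list of suspect hosts and produces triage records that keep the connecting process and the destination together, which is the pair a reviewer actually needs when deciding between a false positive on a streaming app and a real infection. The log format, host names and paths are all assumptions made up for the example.

```python
"""
Triage helper for traffic-based (C2/Generic-style) endpoint detections.

Added example, not Sophos code. The detection names the process that made the
connection, so the reported path is the connecting binary; the destination is
the fact that matters for false-positive review.
"""
from dataclasses import dataclass
import re

# Constructed sample indicator list (hypothetical hosts, not real IoCs).
SUSPECT_HOSTS = {"stream-relay.example.net", "cdn-update.example.org"}

# Constructed connection log, one outbound connection per line:
#   <timestamp> pid=<n> proc=<executable path> dst=<host>:<port>
CONNECTION_LOG = """\
2018-03-04T10:15:01Z pid=512 proc=/Applications/iTunes.app/Contents/MacOS/iTunes dst=radio.example.com:80
2018-03-04T10:15:07Z pid=512 proc=/Applications/iTunes.app/Contents/MacOS/iTunes dst=stream-relay.example.net:443
2018-03-04T10:16:30Z pid=777 proc=/Applications/Safari.app/Contents/MacOS/Safari dst=www.example.com:443
2018-03-04T10:17:02Z pid=901 proc=/Users/demo/.cache/updater dst=cdn-update.example.org:8443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) dst=(?P<host>[^:]+):(?P<port>\d+)$"
)


@dataclass(frozen=True)
class Detection:
    """One traffic-based detection: the process that connected and where it went."""
    timestamp: str
    pid: int
    process: str
    destination: str
    port: int
    name: str = "C2/Generic-A"  # detection name as it appears in the original alert


def parse_connections(log_text):
    """Parse the assumed log format; malformed lines are skipped, not fatal."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def detect_c2_traffic(log_text, suspect_hosts=SUSPECT_HOSTS):
    """Flag every connection whose destination is on the suspect-host list.

    Note that the flagged process is whatever opened the socket: a media
    player streaming from a listed host is reported exactly like malware.
    """
    hits = []
    for rec in parse_connections(log_text):
        if rec["host"] in suspect_hosts:
            hits.append(
                Detection(rec["ts"], int(rec["pid"]), rec["proc"], rec["host"], int(rec["port"]))
            )
    return hits


def triage_summary(detections):
    """Group hits by process so a reviewer sees which binaries reached suspect
    hosts, how often, and the distinct destinations each one contacted."""
    summary = {}
    for d in detections:
        entry = summary.setdefault(d.process, {"destinations": set(), "count": 0})
        entry["destinations"].add(d.destination)
        entry["count"] += 1
    return summary


if __name__ == "__main__":
    for d in detect_c2_traffic(CONNECTION_LOG):
        print(f"{d.timestamp} {d.name}: pid {d.pid} {d.process} -> {d.destination}:{d.port}")
    for proc, info in triage_summary(detect_c2_traffic(CONNECTION_LOG)).items():
        print(f"{proc}: {info['count']} hit(s), destinations={sorted(info['destinations'])}")
```

Running it against the constructed log flags the iTunes connection to the listed streaming relay and the hidden "updater" binary in the same way; only the destination and the process context tell them apart, which is why the answer above asks for diagnostics and a support case rather than a whitelist entry based on the popup.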
