Just got too many alerts from many devices :
What happened: Malicious connection detected: 'C2/Generic-A' at '/Applications/Opera (1).app/Contents/Frameworks/Opera Framework.framework/Versions/67.0.3575.79/Helpers/Opera Helper.app/Contents/MacOS/Opera Helper' (Technical Support reference: 1071727604)
Path: /Applications/Opera (1).app/Contents/Frameworks/Opera Framework.framework/Versions/67.0.3575.79/Helpers/Opera Helper.app/Contents/MacOS/Opera Helper
What was detected: C2/Generic-A
How severe it is: High
Can you please describe the situation? What should I do?
Got SDU results from a couple of machines:
Alerts keep coming please help!
Hi Evgenij Markovski
The alert which you have received states that the C2 traffic has been blocked by your Firewall from the endpoints. You should be able to check the number of machines which are creating this traffic. Check the logs on the firewall about where these endpoints are trying to connect and you can block the IP from there.
After that, you need to do the Malware remediation on each and every machine to remove the exact component which is causing the issue.
From the path, I am assuming that you are using Mac machines.
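The triage step described above (count how many machines raise the alert, and which binary and version they point at) as an added example, not code from the thread or from Sophos: it parses the alert wording shown in this thread and groups hits by detection, binary name and bundle version. The hostname prefix, the sample lines and the "many hosts, one versioned vendor binary" heuristic are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Alert wording as shown in the thread; the leading hostname field is an assumed log layout.
ALERT_RE = re.compile(
    r"^(?P<host>\S+)\s+Malicious connection detected: '(?P<detection>[^']+)' at '(?P<path>[^']+)'"
    r"(?: \(Technical Support reference: (?P<ref>\d+)\))?"
)
# Version segment of a macOS framework bundle path, e.g. .../Versions/67.0.3575.79/...
VERSION_RE = re.compile(r"/Versions/([0-9][0-9.]*)/")

# Constructed sample alerts: hostname prefixed to the alert text quoted in the thread.
SAMPLE_ALERTS = """\
mac-01 Malicious connection detected: 'C2/Generic-A' at '/Applications/Opera (1).app/Contents/Frameworks/Opera Framework.framework/Versions/67.0.3575.79/Helpers/Opera Helper.app/Contents/MacOS/Opera Helper' (Technical Support reference: 1071727604)
mac-02 Malicious connection detected: 'C2/Generic-A' at '/Applications/Opera.app/Contents/Frameworks/Opera Framework.framework/Versions/67.0.3575.79/Helpers/Opera Helper.app/Contents/MacOS/Opera Helper' (Technical Support reference: 1071727604)
mac-01 Malicious connection detected: 'C2/Generic-A' at '/Applications/Opera (1).app/Contents/Frameworks/Opera Framework.framework/Versions/67.0.3575.79/Helpers/Opera Helper.app/Contents/MacOS/Opera Helper' (Technical Support reference: 1071727604)
mac-03 Malicious connection detected: 'C2/Generic-A' at '/Users/bob/Library/Caches/updater' (Technical Support reference: 1071727604)
"""

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    v = VERSION_RE.search(d["path"])
    d["version"] = v.group(1) if v else None      # bundle version, if the path carries one
    d["binary"] = d["path"].rsplit("/", 1)[-1]    # executable name only
    return d

def triage(text):
    """Group alerts by (detection, binary, version) and count distinct hosts and events.
    Heuristic (an assumption, not a rule): many hosts hitting one versioned vendor binary
    right after an update looks like the pattern in this thread and is worth a support case;
    an isolated or unversioned binary should be remediated and investigated first."""
    groups = defaultdict(lambda: {"hosts": set(), "events": 0, "paths": set()})
    for line in text.splitlines():
        d = parse_alert(line)
        if d is None:
            continue
        g = groups[(d["detection"], d["binary"], d["version"])]
        g["hosts"].add(d["host"]); g["events"] += 1; g["paths"].add(d["path"])
    report = []
    for (det, binary, ver), g in groups.items():
        widespread = ver is not None and len(g["hosts"]) > 1
        note = ("widespread versioned vendor binary: candidate false positive, open a support case"
                if widespread else "isolated or unversioned binary: remediate and investigate")
        report.append({"detection": det, "binary": binary, "version": ver,
                       "hosts": len(g["hosts"]), "events": g["events"],
                       "paths": sorted(g["paths"]), "note": note})
    return sorted(report, key=lambda r: -r["hosts"])
```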
In reply to Jasmin:
This seems to be a false-positive recognition of traffic created by the Opera Helper on macOS systems.
I started to get these notifications this afternoon on several machines.
In reply to Iakovos:
If it looks like a false-positive, I'd request you to create a case here.
I have also seen one case for the same issue with support. The support team will confirm whether it is a false-positive or not.
Looks like it is related to the Opera 67.0.3575.79 update, but I can't be 100% sure that it is a false positive.
Thank you for the quick reply. Just used your link to create a case.
I just checked the status of this and the specific Detection with Technical Support reference: 1071727604 should no longer occur. If you are still receiving the detections, please let us know.
In reply to DianneY:
Thank you for your help. I can confirm that the traffic of the Opera Helper is not recognised as malicious anymore. Tested this on different machines.
Thank you for the confirmation.
Hi Jasmin - Just want to clarify. Is this now being confirmed as a false-positive?
In reply to YasminZ:
Yes, our labs team has removed the detection as it was a C2 false-positive alert.