
swi_fc.exe and svchost.exe continuous alerts (every 30 minutes)

Hi guys,

Ever since Saturday's whatever, several clients have been reporting anomalies that include firewall disconnection alerts (which is somewhat acknowledged), but what puzzles me the most are those C2/Generic-C HIGH alerts.

Support just beats around the bush asking for logs, logs, pings, pings that give the sensation that they are just gaining time instead of coming forward with something useful.

Does anyone have any info they can share?

 

Sophos Central event details for CLIENT NAME

What happened: Sophos Firewall has detected malicious traffic: 'C2/Generic-C' at 'C:\Windows\System32\svchost.exe' (Technical Support reference: 0)

Where it happened: COMPUTER NAME

Path: C:\program files (x86)\common files\Sophos\web intelligence\swi_fc.exe

What was detected: C2/Generic-C

User associated with the device: USER NAME

How severe it is: High


