Hi,
Since upgrading to the latest version of Sophos UTM, I have received constant Advanced Threat Protection alerts for threat "C2/Generic-A", with the destination address "lock.bz". I have searched the forums for this, and it appears to be something which is affecting a lot of people. Unfortunately, my searching has not led me to a working solution. I still receive constant alerts, to the extent that I have given up pressing the "Reset" button. After pressing "Reset", it's a matter of waiting a few minutes and then bang, the alerts start to flood back in.
Is there a solution to this problem? Is there a way of killing these alerts? The reported hosts are internal DNS servers. I have enabled DNS logging on both of these servers to attempt to trace an infected host, but the logs report that the Sophos UTM itself is asking the DNS servers to query the "lock.bz" domain.
Has anybody here had this issue and managed to resolve it? It's getting rather frustrating now...
Cheers,
Richard
This thread was automatically locked due to age.
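The post describes enabling query logging on the internal DNS servers to find which host is asking for the flagged domain. The script below is an added example, not part of the original thread or of any Sophos tooling: it parses BIND9-style query-log lines (the sample lines are constructed here, not taken from the poster's logs) and counts, per client IP, how many times a given domain or any of its subdomains was queried. As the poster observed, the top client can turn out to be a forwarder such as the UTM itself, in which case the same counting has to be repeated one hop closer to the endpoints, using that device's own logs.

```python
import re
from collections import Counter

# Constructed sample lines in BIND9 query-log format (not from the original post).
# 192.168.1.10 is the assumed address of the logging DNS server.
SAMPLE_LOG = """\
05-Mar-2016 10:01:12.301 queries: info: client 192.168.1.1#51234 (lock.bz): query: lock.bz IN A + (192.168.1.10)
05-Mar-2016 10:01:15.877 queries: info: client 192.168.1.57#40011 (www.example.com): query: www.example.com IN A + (192.168.1.10)
05-Mar-2016 10:02:03.004 queries: info: client 192.168.1.1#51240 (lock.bz): query: lock.bz IN AAAA + (192.168.1.10)
05-Mar-2016 10:02:44.118 queries: info: client 192.168.1.88#33020 (lock.bz): query: lock.bz IN A + (192.168.1.10)
"""

# Extracts the querying client, the queried name and the record type from one log line.
QUERY_RE = re.compile(
    r"client (?P<client>[\d.]+)#\d+ \([^)]*\): query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def matches_domain(name, domain):
    """True if `name` equals `domain` or is a subdomain of it (trailing dots and case ignored)."""
    name = name.rstrip(".").lower()
    domain = domain.rstrip(".").lower()
    return name == domain or name.endswith("." + domain)


def count_clients_querying(log_text, domain):
    """Count queries for `domain` (and its subdomains) per client IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query-log line; skip it
        if matches_domain(m.group("name"), domain):
            counts[m.group("client")] += 1
    return counts


def top_clients(log_text, domain):
    """Return (client_ip, query_count) pairs, most active client first."""
    return count_clients_querying(log_text, domain).most_common()


if __name__ == "__main__":
    for client, n in top_clients(SAMPLE_LOG, "lock.bz"):
        print(f"{client}\t{n}")
```

Run it against a real query log by replacing SAMPLE_LOG with the file contents; a client that appears with a steady cadence of lookups for the same name is the one to examine next.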