
Basic Advanced Threat Protection Understanding?

My dashboard regularly shows botnet/command and control traffic detected. It is always BYOD hosts that cause it to trip. I understand the protocol is to take these devices offline and scan them for viruses, but I would really like to know if there is anything I can do to limit or prevent it from happening in the first place by blocking something, either via Application control, web filtering or firewall rules.

Most of the time, the hosts are cell phones. A lot of the destinations are to vultr.com, which appears to be a VPS service. Any advice is appreciated.

  • I'm not sure what order the ATP throws up warnings. However, my guess would be to put an exception into ATP and then put a block to that domain on the web proxy and FW.

    I'd try and do it with a group, e.g. an ATP Exception Group, across all parts (e.g. ATP, web proxy & FW) if possible, so that you only have to drop a host into a group for it to be blocked.
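As an added illustration of the "one group, consulted everywhere" idea in the reply above (example code, not from this thread or any Sophos product): a single block group is built from constructed ATP-style alert lines and is then checked by both a web-proxy style domain matcher (which also catches subdomains) and a firewall style address matcher. The log format, host names, the `example-vps.test` domain and the 203.0.113.0/24 addresses are all assumptions.

```python
"""Added example: shared block group built from constructed ATP-style alerts.
The alert format, hostnames, domain and addresses are assumptions; 203.0.113.0/24
is RFC 5737 documentation space, not a real destination."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample alerts (assumed format): source host, destination, category.
SAMPLE_ALERTS = """\
src=phone-17 dst=c2.example-vps.test category=botnet-c2
src=phone-17 dst=203.0.113.45 category=botnet-c2
src=laptop-03 dst=c2.example-vps.test category=botnet-c2
src=laptop-03 dst=updates.example.test category=allowed
"""

ALERT_RE = re.compile(r"src=(\S+) dst=(\S+) category=(\S+)")


def parse_alerts(text):
    """Return {destination: set(source hosts)} for botnet/C2 alerts only."""
    hits = defaultdict(set)
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if m and m.group(3) == "botnet-c2":
            hits[m.group(2)].add(m.group(1))
    return hits


class BlockGroup:
    """One object both enforcement points consult, so one entry blocks at both."""

    def __init__(self):
        self.domains = set()
        self.networks = set()

    def add(self, entry):
        # IPs and CIDRs go to the firewall side, everything else to the proxy side
        try:
            self.networks.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            self.domains.add(entry.lower().rstrip("."))

    def proxy_blocks(self, hostname):
        # web-proxy style: block the domain itself and any host beneath it
        h = hostname.lower().rstrip(".")
        return any(h == d or h.endswith("." + d) for d in self.domains)

    def firewall_blocks(self, ip):
        # firewall style: block the address or any listed network containing it
        addr = ipaddress.ip_address(ip)
        return any(addr in n for n in self.networks)


def build_group(alerts_text):
    """Drop every C2 destination seen in the alerts into one shared group."""
    group = BlockGroup()
    for dst in parse_alerts(alerts_text):
        group.add(dst)
    return group
```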