A Sophos XG with version SFOS 17.5.15 MR-15 reports a daily communication attempt with a botnet or "command-and-control" server. However, the same happens with Sophos XG and the current version 18.There are connections to blog.alexmaccaw.com, which originate from Windows servers as well as clients. According to entries on the Internet, this site is from a blogger and is classified as "Normal = Green". A dedicated call of this page by users does not occur, it seems to be an issue in the Microsoft operating system or a specific application.Does the community know anything about this and is it possible to create a suitable whitelist for the blog.alexmaccaw.com website in the ATP?
Thank you for contacting the Sophos Community.
Would it be possible for us to show us the Alert and what SID is triggering if any.
You can add the domain under Protect >> Advanced Threat >>…
You can add the domain under Protect >> Advanced Threat >> Advanced Threat Protection >> Threat Exception.
Hello Emmanuel,Thank you very much for your answer. The background of the call must be in the HPE Data Protector application. We have configured the exception and are continuing to search at the Windows or application level.With kind regardsKay Werrmann