Advanced Threat - Is this a false positive?

Question

Got several alerts from different areas this morning with ATP being tripped. 
 
 What happened: Sophos Firewall detected malicious connections: 'C2/Generic-C' at 'C:\program files (x86)\Google\Chrome\application\chrome.exe' (Technical Support reference: 0) 
 
 Looking at firewall logs the IP that is being flagged is: 199.59.242.153 
 
 Anyone else, is this a false positive?

emmosophos · Answer

Hello Community, 
 This is confirmed to be a False Positive. 
 Our Labs team is actively working on resolving this. 
 More info in the following KB 
 Regards,

BrucekConvergent · Answer

My 2 cents -- we're seeing this at a number of sites, it appears a marketing site called mapitquick.net --- the links embedded on some popular site out there) uses this IP for tracking purposes, etc. -- frankly we are just blocking the domain to prevent the annoying messages from popping up, frankly in this case probably a false positive, but do your own investigation. 
 
 Meant to add -- this IP is probably a load balancer IP, etc. and maybe shares its use with another site that maybe was malicious, who knows. Won't be the first time I've seen ATP freak out in this manner.

Advanced Threat - Is this a false positive?

Top Replies