

An attempt to communicate with a botnet or command and control server has been detected.

Hi,

Can Sophos please advise on how to troubleshoot this kind of error?

This alert comes to administrators/clients and looks severe.

When you click "show more info" in Central, there is no more info.

When you go into Advanced Threat Protection on the XG or XGS, most of the time there is no mention of a botnet, and in most cases the threat IP is 8.8.8.8.

Please advise on how we troubleshoot this kind of error.



  • A process tries to resolve the name of a malicious server (or tries to resolve an unknown server and gets back the IP of a malicious server).
    Sophos blocks this attempt.

    No problem if this is a single event.
    But if the same event occurs every 20 min, 2 hours or daily ... you should investigate.


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.
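
The distinction drawn in the answer above, between a single blocked lookup and one that repeats on a schedule, as an added example that is not part of the original posts and is not Sophos code. It assumes the alerts have been exported as (timestamp, source host, resolved name) tuples; the events below are constructed sample data, not a Sophos log format, and `classify`, `min_events` and `max_jitter` are hypothetical names.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample events: (timestamp, source host, resolved name).
# Illustrative values only; this is not a Sophos log format.
EVENTS = [
    ("2024-03-01 08:00:05", "10.0.0.21", "bad.example"),
    ("2024-03-01 08:20:02", "10.0.0.21", "bad.example"),
    ("2024-03-01 08:40:07", "10.0.0.21", "bad.example"),
    ("2024-03-01 09:00:04", "10.0.0.21", "bad.example"),
    ("2024-03-01 11:13:40", "10.0.0.35", "typo.example"),  # one-off lookup
    ("2024-03-01 09:02:00", "10.0.0.50", "ads.example"),
    ("2024-03-01 09:05:00", "10.0.0.50", "ads.example"),
    ("2024-03-01 13:47:00", "10.0.0.50", "ads.example"),
]

def classify(events, min_events=3, max_jitter=0.1):
    """Group alerts by (source, name) and label each group.

    'single'   - one event only
    'periodic' - evenly spaced repeats (stdev of gaps <= max_jitter * mean gap);
                 the second value is the interval in minutes
    'repeated' - more than one event, but no stable interval
    """
    groups = defaultdict(list)
    for ts, src, name in events:
        groups[(src, name)].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    result = {}
    for key, times in groups.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if not gaps:
            result[key] = ("single", None)
        elif len(times) >= min_events and pstdev(gaps) <= max_jitter * mean(gaps):
            result[key] = ("periodic", round(mean(gaps) / 60))
        else:
            result[key] = ("repeated", None)
    return result

if __name__ == "__main__":
    for (src, name), (label, minutes) in sorted(classify(EVENTS).items()):
        every = f" every ~{minutes} min" if minutes else ""
        print(f"{src} -> {name}: {label}{every}")
```

Grouping by source host rather than by the reported threat IP is deliberate: it points at the client and name to investigate even when every alert shows the same resolver address.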
