Browse By Tags

  • Known traffic to CnC but Sophos silent

    Hi, I have events triggered to a known CnC server. I see the events triggered on my NIDS from my internal sources (running Endpoint Advanced) and looking at the Sophos Firewall logs I see that swi_fc.exe connected to the IP address of the CnC server…