I am having trouble determining what is happening here. I see the source is Google DNS, the destination is my internal DNS server, and the threat is clickmatters.biz. How do I track this down to find out what is going on? I checked web logs to see if anyone…
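One way to do the lookup the poster above is asking about, as an added example that is not from the thread or from Sophos: when ATP reports the upstream resolver (Google DNS) as the source and the internal DNS server as the destination, the firewall only saw the forwarder's traffic, so the client that actually asked for the flagged name appears only in the internal DNS server's own query log. The script below parses constructed BIND-style query-log lines (sample data, not anyone's real logs), keeps queries for the flagged domain or anything under it, and lists the clients that asked within a few minutes of the alert. The log lines, addresses, the alert time and the five-minute window are assumptions for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed BIND9 "queries" category log lines for illustration only (not the
# poster's real logs). Field layout follows BIND's default query-log format.
SAMPLE_QUERY_LOG = """\
18-Oct-2021 10:23:58.101 client @0x7f1 192.168.36.181#51234 (www.google.com): query: www.google.com IN A + (192.168.36.1)
18-Oct-2021 10:24:05.417 client @0x7f2 192.168.36.181#51240 (clickmatters.biz): query: clickmatters.biz IN A + (192.168.36.1)
18-Oct-2021 10:24:06.002 client @0x7f3 192.168.36.77#40001 (mail.example.com): query: mail.example.com IN MX + (192.168.36.1)
18-Oct-2021 10:24:06.880 client @0x7f4 192.168.36.204#55555 (cdn.clickmatters.biz): query: cdn.clickmatters.biz IN AAAA + (192.168.36.1)
18-Oct-2021 14:01:00.000 client @0x7f5 192.168.36.9#33333 (clickmatters.biz): query: clickmatters.biz IN A + (192.168.36.1)
"""

# Assumed alert time for the example (the ATP report's timestamp would be used).
ALERT_TIME = datetime(2021, 10, 18, 10, 24, 7)

# Timestamp, client address and query name/type. The "@0x..." token is optional
# because older BIND versions do not print it.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ client (?:@0x[0-9a-f]+ )?"
    r"(?P<client>[0-9a-fA-F.:]+)#\d+ \([^)]*\): query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def parse_bind_query_log(text):
    """Return a list of dicts (ts, client, qname, qtype), one per parseable query line."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # startup notices, errors and other non-query lines are skipped
        records.append({
            "ts": datetime.strptime(m.group("ts"), "%d-%b-%Y %H:%M:%S"),
            "client": m.group("client"),
            "qname": m.group("qname").rstrip(".").lower(),
            "qtype": m.group("qtype"),
        })
    return records


def matches_domain(qname, flagged):
    """True for the flagged domain itself and for any name under it."""
    flagged = flagged.rstrip(".").lower()
    return qname == flagged or qname.endswith("." + flagged)


def find_querying_clients(log_text, flagged_domain, alert_time, window=timedelta(minutes=5)):
    """Map client IP -> list of (timestamp, qname, qtype) for queries of the flagged
    domain within +/- window of the ATP alert. Queries outside the window are
    dropped so that an old, unrelated lookup is not blamed for this alert."""
    hits = {}
    for rec in parse_bind_query_log(log_text):
        if not matches_domain(rec["qname"], flagged_domain):
            continue
        if abs(rec["ts"] - alert_time) > window:
            continue
        hits.setdefault(rec["client"], []).append((rec["ts"], rec["qname"], rec["qtype"]))
    return hits


if __name__ == "__main__":
    for client, queries in find_querying_clients(SAMPLE_QUERY_LOG, "clickmatters.biz", ALERT_TIME).items():
        for ts, qname, qtype in queries:
            print(f"{client} asked for {qname} ({qtype}) at {ts:%Y-%m-%d %H:%M:%S}")
```

With the sample data this names 192.168.36.181 and 192.168.36.204 and leaves out the 14:01 query, which is far from the alert. A Windows DNS server needs debug or analytical logging turned on first and uses a different line format, so the regular expression would have to be adapted; the matching and time-window logic stay the same.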
Hello Community,
from time to time we have some false positives on ATP. If I check the URL with VirusTotal, often Sophos is the only vendor where the URL is marked as "Malicious". An example is this URL: https://coronalevel.com/Germany
If I check the…
We found all the *.idv.tw domains were blocked by ATP with XG.
I have opened a case (ID: 04765685) with Sophos, but Sophos doesn't seem to know about the issue?
Shunze
Hello,
I found this old thread but didn't find it helpful. https://community.sophos.com/sophos-xg-firewall/f/discussions/124646/atp-reporting-external-ip-as-source
From the ATP reports I am seeing Google and Cloudflare DNSs being reported.
…
Hello, some of our customers asked me about this, so I think this will help others too.
Time: 2021-10-18 10:24:07 | Source IP: 192.168.36.181 | Host: enabaonag_laptop | Destination IP: 192.168.36.1 | Threat: C2/Generic-A | URL: www.google.com.512542883555094…