Advanced Protection of our UTM keeps flagging various internal machines with the C2/Zbot-A. These machines vary in OS (some are Windows 10 clients, some are Windows Servers from different years), but all are updated with the latest Defender definitions. I've even run the Sophos AV on one machine to make sure it's clean, and found nothing.
The hosts are always internal IPs, while the destinations are either the UTM's internal host name or a public router seemingly owned by our ISP (ip-185-68-25-49.tempus.net.pl).
Is our ISP infected? Are WE infected and those aren't really false positives? Or is UTM a bit too sensitive and flagging false positives all the time? I write "all the time" because the problem has been ongoing, and tends to happen a number of times each week. I've already tried creating a question about this before on these forums, but unfortunately haven't gotten a clear answer, so I figured I'd try again (apologies if this is considered rude, but quite some time has passed).
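One way to get past "is it noise or not" is to aggregate the alerts over a week and separate sources that only ever talk to infrastructure you already know (the UTM itself, the ISP gateway) from sources that contacted unknown external hosts. The script below is an added example, not code from this thread or from Sophos: the alert line format is an assumption (real UTM IPS logs look different), the sample lines are constructed, the UTM address 10.0.0.1 is assumed, and the ISP router address is inferred from the hostname quoted in the post (ip-185-68-25-49.tempus.net.pl).

```python
import ipaddress
import re
from collections import Counter

# Constructed sample IPS alert lines in an assumed format; not real UTM output.
SAMPLE_ALERTS = """\
2024-01-08T09:12:01 ips alert sig="C2/Zbot-A" src=10.0.1.25 dst=10.0.0.1 dport=53
2024-01-08T09:12:05 ips alert sig="C2/Zbot-A" src=10.0.1.25 dst=185.68.25.49 dport=443
2024-01-08T11:40:17 ips alert sig="C2/Zbot-A" src=10.0.2.7 dst=10.0.0.1 dport=123
2024-01-09T08:03:44 ips alert sig="C2/Zbot-A" src=10.0.1.25 dst=185.68.25.49 dport=443
2024-01-09T08:05:02 ips alert sig="C2/Zbot-A" src=10.0.3.12 dst=203.0.113.10 dport=8080
"""

ALERT_RE = re.compile(
    r'sig="(?P<sig>[^"]+)"\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+dport=(?P<dport>\d+)'
)

# Destinations the operator already knows. The UTM address is an assumption;
# the ISP router address is inferred from the hostname quoted in the post.
KNOWN_DESTINATIONS = {
    "10.0.0.1": "utm-internal",
    "185.68.25.49": "isp-router",
}

# Explicit RFC 1918 ranges. (ipaddress.is_private also counts documentation
# ranges such as 203.0.113.0/24 as private, which is not what we want here.)
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def classify_destination(dst):
    """Label a destination as known infrastructure, other internal, or external."""
    if dst in KNOWN_DESTINATIONS:
        return KNOWN_DESTINATIONS[dst]
    addr = ipaddress.ip_address(dst)
    if any(addr in net for net in INTERNAL_NETS):
        return "internal-unknown"
    return "external-unknown"


def parse_alerts(text):
    """Parse alert lines into dicts; lines that do not match are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["dport"] = int(rec["dport"])
        rec["dst_class"] = classify_destination(rec["dst"])
        alerts.append(rec)
    return alerts


def triage(text):
    """Summarize alerts by source and destination class, and split sources into
    those that only hit known infrastructure (rule-tuning candidates) and those
    that reached unknown external hosts (investigate the host before dismissing)."""
    alerts = parse_alerts(text)
    by_src = Counter(a["src"] for a in alerts)
    by_class = Counter(a["dst_class"] for a in alerts)
    needs_investigation = sorted(
        {a["src"] for a in alerts if a["dst_class"] == "external-unknown"}
    )
    known_only = sorted(s for s in by_src if s not in needs_investigation)
    return {
        "alerts_by_source": dict(by_src),
        "alerts_by_dst_class": dict(by_class),
        "needs_investigation": needs_investigation,
        "known_infrastructure_only": known_only,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ALERTS).items():
        print(f"{key}: {value}")
```

Sources in the "known infrastructure only" bucket that hit the UTM on DNS/NTP ports or the ISP gateway on ordinary ports are the ones to review for a signature exception or a threshold adjustment; any source that shows up under "needs investigation" deserves a look at the host (process, parent, persistence) before the alert is written off as a false positive.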