
Lots of [CRIT-861] Advanced Threat Protection Alerts generated after recent pattern update

Have about 100 Sophos SGs deployed. Several of them automatically updated to pattern version #198832 today. Starting at roughly 3 PM Central Time on 5/6/2021, we started receiving advanced threat detection alerts. The IP being flagged is 104.18.20.226. Oddly, AlienVault shows the most recent DNS name associated with that IP is "sophos.naumann-systemhaus.de".

Anyone else seeing this? Is this just a bad pattern push?



  • Among my clients, [CRIT-861] alerts began on 6 May at 15:13 (UTC-0500) and ended on 7 May at 16:22 (UTC-0500). There was indeed an aptp update installed after that, which probably fixed the problem. Do you see 'u2d-aptp-9.38712.tgz.gpg' in your Up2Date log just after these alerts stopped?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA