ATP alerts for 209.197.3.8

We're seeing the same alerts across all devices.

Thanks!

Submitted a support ticket...  will update here.

Same here, IP 209.197.3.8 is once again flagged as malicious.

Hello there,

Thank you for contacting the Sophos Community.

We have raised this to our Sophos  Labs team for investigation.

Regards,

Hello there,

Can you share your Case ID.

Regards,

Yes, same across our network. However, virustotal is scary for this address. A bunch of AV flagged it as malicious. Neither reverse DNS nor Whois make me think it has anything to do with Microsoft or Windows Update.

Response from Sophos:

Thank you for reproting this issue.

We have updated the ATP signature and it should no longer mark 209.197.3.8 as C2 attack. 

This IP address is used by Microsoft for windows update.

Please ensure that pattern updates are up to date if you are still facing the same issue. 

Talos Reputation information

What pattern version should I have, I am still getting ATP warnings for over 12 hours. My patterns are supposedly up to date.