This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos ATP DNS dropping *.hwcdn.net domains

Hi all

We are seeing a lot of dropping from Sophos UTM9 packages (ATP DNS) from *.hwcdn.net.

Someone else?

Examples;


cds.f7y3z2w8.hwcdn.net
cds.d2s7q6s2.hwcdn.net
cds.c4s5i3x5.hwcdn.net

Looks like it is from Windows Update / Microsoft, but some sites telling its malicious, others not.

Also, I found it: https://answers.microsoft.com/en-us/windows/forum/all/are-microsoft-webservices-safe-behind-next-public/b819c103-2cb3-4874-b46e-b375360a3bf6



This thread was automatically locked due to age.