German Forum ATP C2/Generic-A Cloudflare 188.114.97.3 ?

UTM Firewall requires membership for participation - click to join

Thread Info

State Verified Answer
+11 person also asked this people also asked this
Locked Locked
Replies 37 replies
Answers 1 answer
Subscribers 38 subscribers
Views 21054 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ATP C2/Generic-A Cloudflare 188.114.97.3 ?

Timo Bergmann over 1 year ago

Guten Abend,

ist hier etwas dran weshalb Sophos die IP 188.114.97.3 als Malicious einstuft oder wieder ein FalsePositive?

Unser ATP der UTM9 meldet das seit Freitag bei DNS Anfragen ...

This thread was automatically locked due to age.

Top Replies

Karlos over 1 year ago in reply to Mathias Dorn +5 verified

HI all, we can confirm that this is a false positive and are working to publish updates to fix this issue. This is identified under LAB-78247. Thank you for your understanding as we actively work on this…

Parents

0 kerobra over 1 year ago

Die XGs sind ein wenig gesprächiger, scheint mal wieder irgendein Edge-Feature zu sein. Eventuell die automatisch angezeigten Nachrichten?
Microsoft selbst wird ja vermutlich eher nix bei Cloudflare hosten...

Regards,

Kevin

Sophos CE/CA (XG, UTM, Central Endpoint)
Gold Partner
Cancel
Vote Up +2 Vote Down

Cancel
0 LuCar Toni over 1 year ago in reply to kerobra

Do the following:
Filter in logviewer for the IP (use only the string search on the top right site).
Then move to the detailed view and check, which URL was opened.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 LuCar Toni over 1 year ago in reply to kerobra

Do the following:
Filter in logviewer for the IP (use only the string search on the top right site).
Then move to the detailed view and check, which URL was opened.

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 kerobra over 1 year ago in reply to LuCar Toni

I can only see the URL when searching the IP in the Web filter logs. Over the day the fqdn changed quite a few times...

And ATP keeps banging on all our firewalls. The UTMs are relatively quiet now, but the XG/XGs are notifying every 10 minutes or so. And additionally Central mails are coming from some customers. We are totally bombed by those mails today...

Regards,

Kevin

Sophos CE/CA (XG, UTM, Central Endpoint)
Gold Partner
Cancel
Vote Up 0 Vote Down

Cancel
0 AndreasE over 1 year ago in reply to kerobra

(deleted)
Cancel
Vote Up 0 Vote Down

Cancel
0 kerobra over 1 year ago in reply to AndreasE

Thanks for the reminder, I deleted the image. I am a bit fuzzy today.

Regards,

Kevin

Sophos CE/CA (XG, UTM, Central Endpoint)
Gold Partner
Cancel
Vote Up +1 Vote Down

Cancel