I checked our company's Sophos UTM9 firewall, Advanced Threat Protection section; it shows threat name "C2/Generic-A" events for the AD/DNS server as follows:
I used Sophos Endpoint, Malwarebytes and SuperAntiSpyware to run full scans, but couldn't find any virus. Please help me fix this problem, thanks a lot!
PS: 192.168.2.194 is the primary AD & DNS server, 192.168.2.12 is the secondary AD & DNS server.
Total Events: 32
Try to find out which endpoint is actually requesting this by turning on logging on the DNS on the DCs.
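Added example (not from the thread): once DNS debug logging is on, this parser reads the per-packet lines of a Windows DNS Server debug log and attributes each queried name to the LAN client that asked the DC (Rcv query lines) and to the upstream server the DC forwarded it to (Snd query lines), which is why the firewall sees the DC's address rather than the real endpoint. The log lines, the flagged name bad.example.com, the forwarder 203.0.113.53 and the client IPs are all constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of Windows DNS Server debug log packet lines (assumed layout:
# date time TID PACKET id proto Snd|Rcv IP xid [R] opcode [flags] QTYPE name).
SAMPLE_LOG = """\
4/21/2023 10:15:32 AM 0B8C PACKET  000001F2A3B4C5D0 UDP Rcv 192.168.2.55    0002   Q [0001   D   NOERROR] A      (3)bad(7)example(3)com(0)
4/21/2023 10:15:32 AM 0B8C PACKET  000001F2A3B4C5E8 UDP Snd 203.0.113.53    0003   Q [0001   D   NOERROR] A      (3)bad(7)example(3)com(0)
4/21/2023 10:15:33 AM 0B8C PACKET  000001F2A3B4C5E8 UDP Rcv 203.0.113.53    0003 R Q [8081   DR  NOERROR] A      (3)bad(7)example(3)com(0)
4/21/2023 10:15:33 AM 0B8C PACKET  000001F2A3B4C5D0 UDP Snd 192.168.2.55    0002 R Q [8081   DR  NOERROR] A      (3)bad(7)example(3)com(0)
4/21/2023 10:16:01 AM 0B8C PACKET  000001F2A3B4C610 UDP Rcv 192.168.2.77    0004   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
"""

LINE_RE = re.compile(
    r"PACKET\s+\S+\s+(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+"
    r"(?P<xid>\S+)\s+(?:(?P<resp>R)\s+)?(?P<opcode>\S)\s+\[(?P<flags>[^\]]*)\]\s+"
    r"(?P<qtype>\S+)\s+(?P<name>\S+)"
)


def decode_name(label_form):
    """Turn the log's label notation "(3)bad(7)example(3)com(0)" into "bad.example.com"."""
    labels = [lbl for _, lbl in re.findall(r"\((\d+)\)([^(]*)", label_form) if lbl]
    return ".".join(labels)


def parse_line(line):
    """Return the fields of one packet line, or None for non-packet lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {"direction": m["dir"], "ip": m["ip"], "response": m["resp"] == "R",
            "qtype": m["qtype"], "name": decode_name(m["name"])}


def attribute_queries(lines):
    """Per queried name: which clients asked the DC, and which upstreams it forwarded to.
    Only query packets are counted; the matching responses are skipped."""
    result = defaultdict(lambda: {"clients": Counter(), "forwarders": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["response"]:
            continue
        entry = result[rec["name"]]
        if rec["direction"] == "Rcv":
            entry["clients"][rec["ip"]] += 1      # a LAN endpoint asked the DC
        else:
            entry["forwarders"].add(rec["ip"])    # the DC asked an upstream server
    return dict(result)


if __name__ == "__main__":
    for name, info in attribute_queries(SAMPLE_LOG.splitlines()).items():
        print(name, dict(info["clients"]), sorted(info["forwarders"]))
```

Run it against the real log (for example `attribute_queries(open(path).read().splitlines())`) and look up the name the firewall flagged; the `clients` counter is the endpoint to scan next.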
I already turned on DNS debug logging on the AD server to record the in/out traffic, thanks a lot for your reply!