Hi all:
I checked our company's Sophos UTM 9 firewall, Advanced Threat Protection section, and it shows events with the threat name "C2/Generic-A" for the AD/DNS server, as follows:
I used Sophos Endpoint, Malwarebytes and SuperAntiSpyware to run full scans, but could not find any virus. Please help me fix this problem, thanks a lot!
PS: 192.168.2.194 is the primary AD and DNS server, 192.168.2.12 is the secondary AD and DNS server.
Total Events: 32
Since today I have the same issue with my AD DCs. I checked them with McAfee ENS and found nothing. I reset the Advanced Threat Protection, maybe it was just a false positive.
Pattern is 183185
Same over here.
Since this morning I'm getting several DNS proxy alerts for the address "e13678.dspb.akamaiedge.net".
Seems to be a false positive when so many users are seeing the same alerts...^^
I checked the firewall ATP log; all entries are connection-drop records for the AD/DNS server connecting to the akamaiedge.net IP address.
Is it all false positives? Thanks!
I think maybe some client PC has a problem....
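When the UTM names the AD/DNS server as the source of a DNS proxy or ATP alert, the server is normally just forwarding a lookup on behalf of a client, so the alert alone does not say which PC asked for the name. The script below is an added example, not something posted in this thread: it assumes Windows DNS Server packet debug logging is enabled on the domain controller and parses that log to count which internal clients queried the flagged name (here the akamaiedge.net host from the thread). The log lines embedded in it are constructed for the example; the IPs, times and packet ids are made up, only the layout follows the Windows DNS debug-log format.

```python
"""Attribute a flagged DNS lookup to the internal client that asked for it.

Added example, not from the thread. Assumes the AD/DNS server has
"Log packets for debugging" enabled, which writes one line per packet:
date, time, thread id, context, packet id, protocol, Snd/Rcv, remote IP,
xid, Q/R, [flags], query type, and the name in length-prefixed form.
"""
import re
from collections import Counter

# Constructed sample log (not real data): two clients ask for the flagged
# name, the server forwards one query upstream, a third client asks for
# something unrelated.
SAMPLE_LOG = """\
1/15/2019 9:03:12 AM 0B3C PACKET  000000E6A3B5A3A0 UDP Rcv 192.168.2.50     0002   Q [0001   D   NOERROR] A      (6)e13678(4)dspb(10)akamaiedge(3)net(0)
1/15/2019 9:03:12 AM 0B3C PACKET  000000E6A3B5A3A0 UDP Snd 8.8.8.8          a1f0   Q [0001   D   NOERROR] A      (6)e13678(4)dspb(10)akamaiedge(3)net(0)
1/15/2019 9:03:13 AM 0B3C PACKET  000000E6A3B5A3A0 UDP Rcv 192.168.2.77     0003   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
1/15/2019 9:04:40 AM 0B3C PACKET  000000E6A3B5A3A0 UDP Rcv 192.168.2.50     0004   Q [0001   D   NOERROR] A      (6)e13678(4)dspb(10)akamaiedge(3)net(0)
1/15/2019 9:05:02 AM 0B3C PACKET  000000E6A3B5A3A0 UDP Rcv 192.168.2.113    0005   Q [0001   D   NOERROR] AAAA   (6)e13678(4)dspb(10)akamaiedge(3)net(0)
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+ \S+ [AP]M)\s+\S+\s+PACKET\s+\S+\s+(?P<proto>UDP|TCP)\s+"
    r"(?P<dir>Snd|Rcv)\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+\S+\s+(?P<qr>[QR])\s+"
    r"\[(?P<flags>[^\]]*)\]\s+(?P<qtype>\S+)\s+(?P<name>\(\d+\).*\(0\))\s*$"
)


def decode_name(wire):
    """Turn '(6)e13678(4)dspb(10)akamaiedge(3)net(0)' into
    'e13678.dspb.akamaiedge.net'. Labels whose stated length does not
    match are dropped so a truncated line cannot produce a wrong name."""
    labels = re.findall(r"\((\d+)\)([^()]*)", wire)
    return ".".join(label for length, label in labels
                    if int(length) > 0 and len(label) == int(length))


def parse_queries(log_text):
    """Yield (client_ip, qtype, fqdn) for queries received from clients.
    Packets the server sends upstream (Snd) and responses (R) are skipped,
    since those carry the DNS server's own address, not the requester's."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("dir") != "Rcv" or m.group("qr") != "Q":
            continue
        yield m.group("ip"), m.group("qtype"), decode_name(m.group("name"))


def clients_for(log_text, flagged_name):
    """Count, per client IP, how often the flagged name (or a name under it)
    was requested. The result tells you which PCs to look at first."""
    flagged = flagged_name.lower().rstrip(".")
    hits = Counter()
    for ip, _qtype, fqdn in parse_queries(log_text):
        fqdn = fqdn.lower()
        if fqdn == flagged or fqdn.endswith("." + flagged):
            hits[ip] += 1
    return hits


if __name__ == "__main__":
    # Name taken from the alert in the thread; on a real box read the
    # debug log file instead of SAMPLE_LOG.
    for ip, count in clients_for(SAMPLE_LOG, "e13678.dspb.akamaiedge.net").most_common():
        print(f"{ip:<16} {count} quer{'y' if count == 1 else 'ies'}")
```

Run it against the real debug log (or a DNS analytic log export) and the output lists the clients that actually requested the name; if every hit is a normal workstation resolving a CDN host used by Windows Update or Office, the alert is the false positive the other posters suspect, and if one host stands out with many queries at odd hours it is the one to scan first.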