
Sophos UTM9 Advanced Threat Protection have threat name "C2/Generic-A" events for AD/DNS Server

Hi all:

I checked our company's Sophos UTM9 firewall, and the Advanced Threat Protection section shows threat name "C2/Generic-A" events for the AD/DNS servers, as follows:

I used Sophos Endpoint, Malwarebytes and SuperAntiSpyware to run full scans, but they can't find any viruses. Please help me fix this problem, thanks a lot!

PS: is the primary AD & DNS server, is the secondary AD & DNS server.



Advanced Threat Protection

Total Events: 32

  User/Host Threat Name Destination Events Origin  
1 C2/Generic-A 5 AFCd
2 C2/Generic-A 5 AFCd
3 C2/Generic-A 1 AFCd
4 C2/Generic-A 1 AFCd
5 C2/Generic-A 2 AFCd
6 C2/Generic-A 2 AFCd
7 C2/Generic-A 1 AFCd
8 C2/Generic-A 1 AFCd
9 C2/Generic-A 1 AFCd
10 C2/Generic-A 2 AFCd

  • Same here, C2 alerts, all coming from my DNS server:

    1     DNS_Server     C2/Generic-A     142       AFCd
    2     DNS_Server     C2/Generic-A     61         AFCd
    3     DNS_Server     C2/Generic-A     58         AFCd
    4     DNS_Server     C2/Generic-A     1 473    AFCd
    5     DNS_Server     C2/Generic-A     824       AFCd
    6     DNS_Server     C2/Generic-A     440       AFCd

    And unfortunately is a CNAME for

    Type Domain Name Canonical Name TTL
    CNAME 60 min
    CNAME 6 hrs
    CNAME 15 min
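As an added example (not from the thread, and not Sophos code), the check a practitioner would run next: when the UTM names the DNS server as the origin, the server's own query log is what ties the flagged destination back to the internal client that actually asked for it, including lookups that only reached the flagged name through a CNAME like the one noted above. It assumes BIND-style query-log lines; the log lines, the CNAME map and the flagged name are constructed placeholders.

```python
import re
from collections import defaultdict
# Query-log line shape written by BIND's "querylog" channel, with or without
# the "@0x..." client handle newer releases add after "client".
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[\d.]+)#\d+ \([^)]*\): "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+)"
)
norm = lambda name: name.rstrip(".").lower()   # "Foo.example." -> "foo.example"

def canonical_chain(name, cnames, limit=16):
    """Follow CNAME records from name; returns every name on the chain
    (a CNAME loop or over-long chain stops the walk instead of hanging)."""
    chain, seen = [name], {name}
    while name in cnames and len(chain) < limit:
        name = cnames[name]
        if name in seen:
            break
        chain.append(name)
        seen.add(name)
    return chain

def attribute_alerts(log_lines, flagged, cnames):
    """Map each flagged (ATP destination) name to the client IPs whose lookups
    made the DNS server resolve it, directly or through a CNAME alias."""
    flagged = {norm(f) for f in flagged}
    cnames = {norm(k): norm(v) for k, v in cnames.items()}
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:          # skip non-query lines (startup messages, etc.)
            continue
        for hop in canonical_chain(norm(m.group("name")), cnames):
            if hop in flagged:
                hits[hop][m.group("ip")] += 1
    return {k: dict(v) for k, v in hits.items()}

# Constructed sample data: placeholder names, not indicators from the thread.
FLAGGED = ["c2-placeholder.invalid"]
CNAMES = {"cdn.vendor-placeholder.invalid": "c2-placeholder.invalid"}
LOG = [
    "client 10.10.1.25#51234 (cdn.vendor-placeholder.invalid): query: cdn.vendor-placeholder.invalid IN A + (10.10.1.2)",
    "client @0x7f3c 10.10.1.77#40021 (c2-placeholder.invalid): query: c2-placeholder.invalid IN A +E(0)K (10.10.1.2)",
    "client 10.10.1.25#51240 (www.example.com): query: www.example.com IN AAAA + (10.10.1.2)",
    "client 10.10.1.77#40030 (c2-placeholder.invalid): query: c2-placeholder.invalid IN TXT + (10.10.1.2)",
]

if __name__ == "__main__":
    for name, clients in attribute_alerts(LOG, FLAGGED, CNAMES).items():
        print(name, clients)   # c2-placeholder.invalid {'10.10.1.25': 1, '10.10.1.77': 2}
```

Clients that appear here are the hosts to examine; the DNS server itself only shows up in the UTM's events because it performed the recursive lookup on their behalf.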
  • Thanks for your info, so do I need to check or ignore the alerts?
