IPS alert every 5 minutes

Hello,

Our company is getting an IPS alert every 5 minutes (it started 12.5.2020, but our mail gateway blocked delivery of alert messages). There are different source IP addresses (84 IP addresses in total, from GB, USA and EU), but the destination is always the same - our WSUS server.

We used Sophos Virus Removal Tool on that server and it finished OK - no threats found.

What could this mean? Should we be worried? What should we check?

Intrusion Prevention Alert

An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.

Details about the intrusion alert:

Message........: BROWSER-IE Microsoft Edge App-v vbs command attempt
Details........: https://www.snort.org/search?query=48053
Time...........: 2020-05-21 10:10:46
Packet dropped.: yes
Priority.......: high
Classification.: Attempted User Privilege Gain
IP protocol....: 6 (TCP)

Source IP address: 8.241.45.126
Source port: 80 (http)
Destination IP address: ***
Destination port: 50027
       
--
System Uptime      : 34 days 15 hours 1 minute
System Load        : 0.31
System Version     : Sophos UTM 9.703-2

Please refer to the manual for detailed instructions.



  • Also we have seen these alerts today at only one customer's site on:

    Messages:

    2200901
    BROWSER-IE Microsoft Edge App-v vbs Command
       
    48053
    BROWSER-IE Microsoft Edge App-v vbs command attempt

    Seems to be a false positive.
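
For triaging a burst of these notifications, the following added example (not part of the original posts and not Sophos tooling) parses alert text in the format quoted in the first post, groups alerts by Snort SID, and flags whether every hit is a reply from a web port to an ephemeral port, meaning the protected host opened the connection itself. The sample alerts are constructed with documentation-range addresses; the function names and the 49152 ephemeral-port threshold are assumptions.

```python
import re
from collections import defaultdict

# "Key.....: value" or "Key: value", as in the notification body quoted above.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\.*\s*:\s*(.*?)\s*$")
EPHEMERAL_START = 49152  # assumption: default Windows dynamic port range

def parse_alert(text):
    """Extract the triage-relevant fields from one IPS notification."""
    f = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            f[m.group(1).strip().lower()] = m.group(2)
    sid = re.search(r"query=(\d+)", f.get("details", ""))
    return {
        "sid": int(sid.group(1)) if sid else None,
        "src_ip": f.get("source ip address"),
        "src_port": int(f["source port"].split()[0]),   # "80 (http)" -> 80
        "dst_port": int(f["destination port"].split()[0]),
        "dropped": f.get("packet dropped") == "yes",
    }

def is_response_traffic(alert):
    """True when a web server is replying to a connection the target opened."""
    return alert["src_port"] in (80, 443) and alert["dst_port"] >= EPHEMERAL_START

def summarise(alerts):
    """Per SID: alert count, distinct sources, and whether every hit is a reply."""
    out = defaultdict(lambda: {"count": 0, "sources": set(), "all_responses": True})
    for a in alerts:
        row = out[a["sid"]]
        row["count"] += 1
        row["sources"].add(a["src_ip"])
        row["all_responses"] = row["all_responses"] and is_response_traffic(a)
    return dict(out)

# Constructed sample notifications (documentation-range addresses, not from the thread).
TEMPLATE = """Message........: BROWSER-IE Microsoft Edge App-v vbs command attempt
Details........: https://www.snort.org/search?query=48053
Packet dropped.: yes
Source IP address: {ip}
Source port: {sport}
Destination IP address: ***
Destination port: {dport}
"""
SAMPLES = [
    TEMPLATE.format(ip="198.51.100.10", sport="80 (http)", dport=50027),
    TEMPLATE.format(ip="198.51.100.11", sport="80 (http)", dport=50311),
]

if __name__ == "__main__":
    for sid, row in summarise(parse_alert(s) for s in SAMPLES).items():
        print(sid, row["count"], sorted(row["sources"]), row["all_responses"])
```

When every hit for a SID is a reply from port 80 to an ephemeral port, the dropped packets were content the server itself requested, so the matching outbound HTTP request in the server's or proxy's logs is the next thing to look at.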
