ATP event recurs every two to three days.
2021:04:13-01:45:20 nwusophos01 named[5282]: rpz: client @0xa519a18 10.161.1.2#49191 (61-219-11-153.hinet-ip.hinet.net): view default: rpz IP NXDOMAIN rewrite 61-219-11-153.hinet-ip.hinet.net via 32.153.11.219.61.rpz-ip.rpz
Measures already taken:
- Enable DNS diagnostic logging on the Microsoft Active Directory domain controller/DNS server.
- Match the DNS query to the ATP event: the querying system is the domain controller (10.161.1.2).
- Scan of the domain controller with the customer's antivirus software
Result: clean
- Scan with the Sophos Virus Removal Tool
Result: clean
UTM:
Firmware version: 9.705-3
Pattern version: 197682
We need to verify whether the ATP alert is a false positive or not. Please assist.
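As an added example (not part of the original post), a small Python parser for the BIND "rpz:" log line quoted above: it pulls out the querying client, the queried name, the trigger type and action, and decodes the reversed-octet encoding of the rpz-ip owner name back into a CIDR so the hit can be matched against the threat feed entry. The regex is my assumption about the message shape; the sample line is the one from the post.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample log line, copied from the post (Sophos UTM named/BIND RPZ message).
SAMPLE = ("2021:04:13-01:45:20 nwusophos01 named[5282]: rpz: client @0xa519a18 "
          "10.161.1.2#49191 (61-219-11-153.hinet-ip.hinet.net): view default: "
          "rpz IP NXDOMAIN rewrite 61-219-11-153.hinet-ip.hinet.net via "
          "32.153.11.219.61.rpz-ip.rpz")

# Assumed shape of the BIND "rpz: client ..." message as seen in the post.
RPZ_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) named\[(?P<pid>\d+)\]: rpz: client \S+ "
    r"(?P<client>[0-9a-fA-F.:]+)#(?P<port>\d+) \((?P<qname>[^)]+)\): "
    r"view (?P<view>\S+): rpz (?P<trigger>\S+) (?P<action>\S+) rewrite "
    r"(?P<target>\S+) via (?P<record>\S+)$"
)

@dataclass
class RpzHit:
    timestamp: str
    client: str            # resolver client that sent the query (here: the DC)
    qname: str             # name that was queried
    trigger: str           # IP = the *answer address* matched, not the name
    action: str            # NXDOMAIN, NODATA, CNAME, ...
    record: str            # owner name of the matching policy record
    matched_cidr: Optional[str]  # decoded from rpz-ip/rpz-nsip records

def decode_rpz_ip(record: str) -> Optional[str]:
    """'32.153.11.219.61.rpz-ip.rpz' -> '61.219.11.153/32' (prefix first,
    then the IPv4 octets in reverse order). IPv6 'zz' form is not handled."""
    labels = record.rstrip(".").split(".")
    idx = next((i for i, l in enumerate(labels) if l in ("rpz-ip", "rpz-nsip")), None)
    if idx is None:
        return None
    parts = labels[:idx]
    if len(parts) != 5 or not all(p.isdigit() for p in parts):
        return None
    prefix, octets = int(parts[0]), parts[1:]
    return ".".join(reversed(octets)) + f"/{prefix}"

def parse_rpz_line(line: str) -> Optional[RpzHit]:
    m = RPZ_RE.match(line)
    if not m:
        return None
    return RpzHit(m["ts"], m["client"], m["qname"], m["trigger"], m["action"],
                  m["record"], decode_rpz_ip(m["record"]))

if __name__ == "__main__":
    print(parse_rpz_line(SAMPLE))
```

Because the trigger is IP, the feed entry that fired is the resolved address 61.219.11.153/32, so the next triage step is to check which process on 10.161.1.2 issued the lookup for that hinet name at the logged time.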