Hi, on 9.707,
e13678.dspb.akamaiedge.net was flagged by the ATP system tonight:
2021:08:28-19:50:28 fw named: rpz: client 192.168.1.3#57698 (e13678.dscb.akamaiedge.net): view default: rpz QNAME NXDOMAIN rewrite e13678.dscb.akamaiedge.net via e13678.dscb.akamaiedge.net
Since Akamai is normally considered a trustworthy CDN, I need more information. What is the reason the traffic is suspicious?
(home user and commercial customer)
Same here, lots of alerts here for DNS requests to that host. Sophos, please fix or post the reason for this ATP block.
VirusTotal showing only Sophos blocking the host.
Multiple locations having same detections.
Maybe they just fixed it?
Support says it is a false positive, escalated to labs to fix it.
The bad pattern was corrected in under 11 hours. Such notifications started coming in on 8/28 at about 11 PM EDT (UTC-0400) from about 10 client UTMs and stopped about 10 AM EDT the next day.
Cheers - Bob