Advanced Tread Protection

Question

Hello, I have multiple messages in Advanced Tread Protection. 
 2023:06:22-03:43:37 xxx ulogd[13536]: id="2022" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" fwrule="63001" initf="eth0" threatname="C2/Generic-A" srcmac="c4:65:16:12:c5:f4" dstmac="7c:5a:1c:61:d3:d4" srcip="10.40.10.3" dstip="209.197.3.8" proto="6" length="52" tos="0x00" prec="0x00" ttl="128" srcport="50975" dstport="80" tcpflags="SYN" 
 The IP 209.197.3.8 belongs to hwcdn.net and is a part of Microsoft Update Network. 
 Have I false positive messages or is it a Problem I should be concerned about? 
 Greetings 
 Tom

Danny la Fleur · Accepted Answer

Hi Tom, 
 Sophos marked this ip in the ATP but its a windows update target server, so yeah its a false positive. 
 They already removed the IP from the list as seen in this post: ATP alerts for 209.197.3.8 - General Discussion - UTM Firewall - Sophos Community 
 Greetings 
 Danny