
UTM 9 Advanced Threat Protection

Hello all,

Since yesterday I keep receiving these emails:

"Advanced Threat Protection

A threat has been detected in your network
The source IP/host listed below was found to communicate with a potentially malicious site
outside your company.

Details about the alert:

Threat name....: C2/Generic-A
Details........:
http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spywa[..]
Time...........: 2018-05-20 09:42:50
Traffic blocked: yes

Source IP address or host: 218.28.68.126
        
-- 
System Uptime      : 18 days 1 hour 3 minutes
System Load        : 18.25
System Version     : Sophos UTM 9.509-3

Please refer to the manual for detailed instructions.

The send limit for this notification has been reached. No further
notifications of this type will be sent during this period."

The strange thing is that the Source IP/host is different every time and it is not a known IP for me.
I have had about 20 emails since yesterday, and the UTM processor usage has also been at about 90% since yesterday.

At the moment I am running the Sophos Virus Removal Tool on all the Windows servers, but I have the idea it won't find anything.
Has anyone experienced this, or can anyone point me in the right direction?
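The notification quoted in the post has a fixed layout (Threat name, Time, Traffic blocked, Source IP address or host), and the poster's observation is that the source field keeps changing and never matches a known address. The script below is an added example, not part of the original post or of Sophos UTM: it parses a batch of such notification bodies, tags each source as an RFC 1918/link-local address (an internal host to check), a public address (anomalous, since the notice describes the source as the host inside the company that talked to the malicious site) or a hostname, and groups the results by threat name. The sample bodies are constructed; only the first mirrors the alert in the post, and the addresses 192.168.10.25 and 203.0.113.77 are placeholders.

```python
"""Triage helper for Sophos UTM 9 Advanced Threat Protection notification emails.

Added example for this thread. The field layout follows the notification quoted
in the post; the sample bodies below are constructed, not captured alerts.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample notification bodies. The first mirrors the post's alert;
# 192.168.10.25 and 203.0.113.77 are placeholder addresses (RFC 1918 / TEST-NET-3).
SAMPLE_ALERTS = [
    """Threat name....: C2/Generic-A
Details........:
http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spywa[..]
Time...........: 2018-05-20 09:42:50
Traffic blocked: yes

Source IP address or host: 218.28.68.126
""",
    """Threat name....: C2/Generic-A
Details........:
http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spywa[..]
Time...........: 2018-05-20 10:01:12
Traffic blocked: yes

Source IP address or host: 192.168.10.25
""",
    """Threat name....: C2/Generic-A
Details........:
http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spywa[..]
Time...........: 2018-05-20 10:15:40
Traffic blocked: no

Source IP address or host: 203.0.113.77
""",
]

# Address ranges that can only belong to hosts inside the network. Checked
# explicitly rather than via ipaddress.is_private, which also treats the
# documentation ranges (192.0.2.0/24, 203.0.113.0/24, ...) as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                   # IPv4 loopback, link-local
    "fc00::/7", "fe80::/10", "::1/128",                # IPv6 ULA, link-local, loopback
)]

# "Threat name....: x" / "Time...........: x" / "Traffic blocked: x" (dots optional)
FIELD_RE = re.compile(r"^(Threat name|Time|Traffic blocked)\.*\s*:\s*(.*)$", re.MULTILINE)
SOURCE_RE = re.compile(r"^Source IP address or host:\s*(\S+)", re.MULTILINE)


def classify_source(value):
    """Return 'internal', 'external' or 'hostname' for the Source field value."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return "hostname"
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "external"


def parse_alert(body):
    """Extract the labelled fields of one notification body into a dict."""
    alert = {}
    for m in FIELD_RE.finditer(body):
        key = m.group(1).lower().replace(" ", "_")   # e.g. "traffic_blocked"
        alert[key] = m.group(2).strip()
    m = SOURCE_RE.search(body)
    alert["source"] = m.group(1) if m else None
    alert["source_kind"] = classify_source(alert["source"]) if alert["source"] else "missing"
    alert["blocked"] = alert.get("traffic_blocked", "").lower() == "yes"
    return alert


def summarize(bodies):
    """Group a batch of notifications: counts per threat name, and sources by kind."""
    alerts = [parse_alert(b) for b in bodies]
    return {
        "total": len(alerts),
        "by_threat": dict(Counter(a.get("threat_name", "?") for a in alerts)),
        "internal_sources": sorted({a["source"] for a in alerts if a["source_kind"] == "internal"}),
        "external_sources": sorted({a["source"] for a in alerts if a["source_kind"] == "external"}),
        "unblocked": [a["source"] for a in alerts if not a["blocked"]],
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_ALERTS)
    print(f"{report['total']} alerts, by threat: {report['by_threat']}")
    print("internal hosts to investigate:", report["internal_sources"])
    print("public addresses in the source field (expected an internal host):",
          report["external_sources"])
    print("alerts where traffic was NOT blocked:", report["unblocked"])
```

Feed it the bodies of the notification emails; any address that lands in `external_sources` is the case the poster describes, a source that is not a host on the LAN. Note the notice at the end of each email that the send limit has been reached, so the emails are a lower bound on the number of detections; the count from the UTM's own logs will be higher.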



  • Hello Jay Jay,

    Thank you for your reply.

    Okay I will have a look at that.

    As I thought, the Sophos Virus Removal Tool did not find anything on the Windows servers.

    But does blocking countries also mean incoming mail from those countries will be blocked?

    Kind regards
