Sophos Antivirus had an update yesterday to Version 10.7.2. While this was occurring, the following IPS alert began popping.
Intrusion Prevention Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0179 attack attempt
Details........: https://www.snort.org/search?query=40803
Time...........: 2017-04-27 14:43:38
Packet dropped.: yes
Priority.......: high
Classification.: Attempted User Privilege Gain
IP protocol....: 6 (TCP)
Source IP address: 10.40.0.105
Source port: 80 (http)
Destination IP address: 10.30.0.86
Destination port: 54384
SSI-UTM-1
--
System Uptime : 25 days 7 hours 2 minutes
System Load : 1.70
System Version : Sophos UTM 9.411-3
The source IP is a Sophos Update Manager and the destination IP is an endpoint.
Anyone else run into this or something similar using a Sophos UTM and Sophos Enterprise Console or an endpoint behind that UTM?
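As an added example (not from the original post or from Sophos), here is a small Python parser for the UTM notification format above, plus a triage check that marks a drop for review when its source is on an assumed, admin-maintained allowlist of internal update servers; the allowlist set and the `review`/`investigate` verdicts are my assumptions.

```python
import ipaddress
import re

# Constructed sample input: the notification body from the post.
SAMPLE_ALERT = """\
Message........: FILE-OTHER TRUFFLEHUNTER TALOS-CAN-0179 attack attempt
Details........: https://www.snort.org/search?query=40803
Time...........: 2017-04-27 14:43:38
Packet dropped.: yes
Priority.......: high
Classification.: Attempted User Privilege Gain
IP protocol....: 6 (TCP)
Source IP address: 10.40.0.105
Source port: 80 (http)
Destination IP address: 10.30.0.86
Destination port: 54384
"""

# Each line is "Key....: value" (dot-padded) or "Key: value"; the dots are layout only.
FIELD_RE = re.compile(r"^(?P<key>[^:]+?)\.*:\s*(?P<value>.*)$")


def parse_alert(text):
    """Turn a Sophos UTM IPS notification body into a dict of field -> value."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group("key").strip()] = m.group("value").strip()
    # The Details URL carries the Snort rule SID; pull it out for rule lookups.
    sid = re.search(r"query=(\d+)", fields.get("Details", ""))
    fields["SID"] = sid.group(1) if sid else None
    return fields


def triage(fields, update_servers):
    """Return 'review' when the drop hit known internal update traffic, else 'investigate'.

    update_servers: IP strings of hosts you operate as update sources (an assumed
    allowlist maintained by the admin, not anything the UTM itself provides).
    """
    src = ipaddress.ip_address(fields["Source IP address"])
    dst = ipaddress.ip_address(fields["Destination IP address"])
    src_port = int(fields["Source port"].split()[0])
    known = {ipaddress.ip_address(a) for a in update_servers}
    # A known internal update host answering an internal client from a service port
    # is the pattern in the post: an update download tripped a FILE-* signature.
    if src in known and src_port in (80, 443) and src.is_private and dst.is_private:
        return "review"
    return "investigate"
```

A "review" verdict is a cue to switch the rule to "alert only" in WebAdmin while the matched update payload is checked, not to ignore the hit.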