
DaveB-Opt

Members
  • Content Count: 21
  • Location: U.K.


  1. Actually, I spoke too soon. The only affected machine is an internal server which always resides behind our firewall.
  2. We have a threat notification for the following. However, we have blocked all connections coming from 185.202.0.0/16 at the firewall level, and I'm unable to see any incoming traffic from that IP address in the last week (from the firewall logs also). I'm not sure what triggers this alert in ESET, but I'm also unsure as to how the firewall didn't pick up the connection attempt. Can anyone shed some light on this detection?

       • Process name: System
       • Rule name:
       • Rule ID:
       • Source address: 185.202.1.204
       • Source port: 320
       • Target address: 192.168.8.43
       • Target port: 80
       • Protocol: TCP
       • Occurrences per minute: 1
  3. We're getting lots of blocked notifications which are showing as unresolved.

       1. Is this normal behaviour?
       2. Lots of them are going to one domain name. What can we do to mitigate?

     See messages below.

       • Hash: A57DF2FDEBBCE21F5E1913B73797DF0B50BFA03E
       • Uniform Resource Identifier (URI): https://hardyload.com
       • Process name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
       • Event: An attempt to connect to URL
       • Rule: Blocked by internal blacklist
       • Scanner: HTTP filter
       • Target address: 172.64.205.27