Mark_Albrosco
Posts posted by Mark_Albrosco

  1. Morning - MWB Detection gave a blocked website result for the following sites:

    1. 34.230.127.91 on port 56230 launched from AvastBrowser.exe - VirusTotal results for a scan of the IP address returned "Clean" for all engines.
    2. 199.80.54.74 on port 57938 launched from msedge.exe - VirusTotal results for a scan of the IP address returned 1 engine registered a "malware" result.
    3. 192.243.59.20 on port 62961 launched from msedge.exe - VirusTotal results for a scan of the IP address returned 1 engine registered a "suspicious" result.
    4. gz06x5tqlj.com launched from msedge.exe - VirusTotal results for a scan of the IP address returned 1 engine registered a "malware" result / 1 engine registered a "suspicious" result.

    See images attached.

    VirusTotal-results-34_230_127_91.JPG

    VirusTotal-results-192_243_59_20.JPG

    VirusTotal-results-199_80_54_74.JPG

    VirusTotal-results-gz06x5tqlj_com.JPG

  2. Hi - we're using the Cloud Endpoint protection.

    The following is taken from the two endpoints that received the blocked website notice; are they at the most current versions/database?

    The EPP update differed for the two units.

    If not, can one manually run an update of the DB for the Cloud EP?

    Engine Version: 1.2.0.793
    Last Refreshed: 07/21/2020 8:49:25 AM
    Asset Manager: 1.2.0.330
    Endpoint Protection: 1.2.0.831
    Endpoint Protection Protection Update: 1.0.17190 / 1.0.17170
    Component Package Version: 1.0.651


  3. Received blocked website notices for pl15364254.passtechusa.com and www.hiprofitnetworks.com
    VirusTotal scan returned one hit for "Spam" from Spamhaus engine for ESET the first site above (passtechusa); and "Clean / No engines detected this URL" for the second one (hiprofitnetworks).
    Would like to know if these are valid blocks or not.

    The EP protection report is attached.


    MWB-report-20200511.JPG

  4. Thanks Zynthesist,

    I'm assuming that the DB version is equal to the Endpoint Protection Update.

    I checked two other endpoints that experienced the same "blocked site" notices on the previous day. Their Endpoint Protection Update is now at 1.0.14775, and no further "blocked site" notices were received.

    I'm waiting on the scheduled tasks to "Check for Protection Updates" and "Refresh Assets" to be executed.

