
Mark_Albrosco
Content Count: 82
Posts posted by Mark_Albrosco
-
Kevin - thanks for this feedback.
We're using EPP Cloud, so the first set of steps will need to be scheduled from the management console.
I will try and get those logs to you later today.
The person is doing video editing/rendering using free online tools on certain sites; those sites however have pop-up ads and it is these that are being blocked by MWB end point protection.
-
Morning - MWB Detection gave a blocked website result for the following sites:
1. </34.230.127.91/> on port 56230 launched from AvastBrowser.exe - VirusTotal results for a scan of the IP address returned "Clean" for all engines.
2. </199.80.54.74/> on port 57938 launched from msedge.exe - VirusTotal results for a scan of the IP address returned 1 engine registered a "malware" result.
3. </192.243.59.20/> on port 62961 launched from msedge.exe - VirusTotal results for a scan of the IP address returned 1 engine registered a "suspicious" result
4. </gz06x5tqlj.com/> launched from msedge.exe - VirusTotal results for a scan of the IP address returned 1 engine registered a "malware" result / 1 engine registered a "suspicious" result
See images attached.
-
Afternoon - the following site came up as a blocked site; VirusTotal scans of the IP address returned "Clean" from all engines
</142.0.204.220/> outbound port 65217
Regards,
Mark.
-
Afternoon - the following site came up as a blocked site; VirusTotal scans of the URL returned "Clean" from all engines
</www.shopcourts.com/>
Regards,
Mark.
-
Hi - we're using the Cloud Endpoint protection.
The following is taken from the two endpoints that received the blocked website notice; are they at the most current versions/database?
The EPP update differed for the two units.
If not can one manually run an update of the DB for the Cloud EP?
Engine Version: 1.2.0.793
Last Refreshed: 07/21/2020 8:49:25 AM
Asset Manager: 1.2.0.330
Endpoint Protection: 1.2.0.831
Endpoint Protection Protection Update: 1.0.17190 / 1.0.17170
Component Package Version: 1.0.651
-
Morning - the following site came up as a blocked site; VirusTotal scans of the URL returned "Clean" from all engines
</ fp-afd.azurefd.net />
Regards
Mark
-
Morning - the following sites came up as blocked sites; VirusTotal scans of the URL returned "Clean" from all engines
</lubychina.com/> </airtechusa.com/>
Regards
Mark
-
Received blocked website notices for </pl15364254.passtechusa.com/> and </www.hiprofitnetworks.com/>
VirusTotal scan returned one hit for "Spam" from Spamhaus engine for ESET the first site above (passtechusa); and "Clean / No engines detected this URL" for the second one (hiprofitnetworks).
Would like to know if these are valid blocks or not. The EP protection report is attached.
-
Thanks TeMerc - so the block is valid. MWB keeping us safe from even those on the fringes.
-
Thanks Zynthesist,
I'm assuming that the DB version is equal to the Endpoint Protection Update.
I checked two other endpoints that experienced the same "blocked site" notices on the previous day. Their Endpoint Protection Update is now at 1.0.14775, and no further "blocked site" notices were received.
I'm waiting on the scheduled tasks to "Check for Protection Updates" and "Refresh Assets" to be executed.
Possible false positive - hxxp:\\ 142.0.204.220 part 2
in Website Blocking
Morning - MWB Detection reported a blocked website as follows </142.0.204.220/> on port 54552 launched from msedge.exe
VirusTotal results for a scan of the IP address returned "Clean" for all engines. This was reported on a previous post on 16-Dec-2020; the IP address was to be reviewed as per JPopovich's response