Working from home on a business laptop running Win 10 with MB and Office 13. Outlook was open and I was reviewing email when I received a MW Trojan alert from one of the emails. The difficult aspect is that the MW info does not identify what the email was.
Research on the IP indicates it's AWS - Miami DNS? The pardot.com is Salesforce.
I access Corp AWS accounts from both of my systems, but with a different email on Outlook for each system and no common email that I can identify. Is this a false positive on this IP?
Checking the MW logs I get the following:
Work Laptop
Website blocked: 3:36 PM EST -
CAT - Trojan
Domain: storage.pardot.com
IP: 13.32.80.42
Port: 64343
Type: Outbound
File: c:\Program Files\Microsoft Office15\OUTLOOK.EXE
Home WS
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 8/6/19
Protection Event Time: 4:45 PM
Log File: 1cd12586-b88b-11e9-982c-3417ebbf9797.json
-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.586
Update Package Version: 1.0.11880
License: Trial
-System Information-
OS: Windows 10 (Build 17763.615)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Category: Trojan
Domain: storage.pardot.com
IP Address: 13.32.80.42
Port: [58650]
Type: Outbound
File: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE