Intucom

  1. Hi, our site https://maschinenring-jobs.at is falsely blocked and our users cannot access this page from endpoint-protected devices. The site is an internal website used to display available jobs. Kind Regards
  2. Hi all, we have Endpoint Protection enrolled on some clients of ours, and on October 20th at 4:00-6:00 PM we got some "suspicious activities" on a wide variety of systems. I will send the detected activities as an attachment. My question: Is there any way to determine if those "suspicious activities" are/were dangerous in some kind of way or if there were any compromises/damage caused by those activities? Or are those entries false positives? Any help will be appreciated. Thanks in advance.
  3. Hi @all, apparently one crucial application of ours needs an update, but Malwarebytes' Real-Time Protection always puts the file into quarantine. Even after adding this MD5 hash to our Exclusion List and restarting both Malwarebytes services, it is still always quarantined and I cannot continue with the update. Additional information: Filename: isFree32.dll; MD5 hash: F0595AB3D8E9C7F09046A8C67BDA117D; Detection ID: 30bb801d-3577-11ec-93dc-000c297d4137. Any information/help on how to ignore this file would be appreciated. VirusTotal didn't detect this file as any threat though (https://www.virustotal.com/gui/file/0a57ed4cb97416e02be406ff83b8ce832bb52b95927d5b7d4065801ff4585c94). Regards, INTUCOM
  4. Ok, good to hear. Thank you for your help. Is it possible to explain the cause/reason of this "blacklisting"?
  5. Hi, apparently one of our clients cannot send any network packets to the domain mmc.at nor the subdomains mailscan02.mmc.at, mailscan01.mmc.at (mail servers). MMC are hosting providers and our Exchange servers cannot send any mails to this domain. Can you please remove the block of this domain? Or explain why this domain and subdomains are blocked. One interesting thing: when DNS-resolving one of the affected domain names we are getting 127.42.0.x DNS name resolutions back - thus failing all requests to that domain. How exactly does this work? Is this the intended way to block "malicious" websites/domains? Also, I cannot fix this DNS query so that it points to the correct IP addresses. Kind Regards, INTUCOM
  6. According to @knguyen1, who sent me a direct message, it IS a bug, which will be fixed in an upcoming version update. For us, it is sufficient to know that those are just false positives, so we do not need to disable this warning. If you want to disable this you can reach out to @knguyen1. I will mark this topic as solved.
  7. Hi @all, we are using Endpoint Protection for our Windows Server 2019 machines. Since last week we are receiving several "Exploit"-Detections (see attached screenshot) on different machines on different networks in regular intervals (all affected machines have TerminalServer-Services enabled and more than 20 users are working on them). Thankfully those "Exploits" are getting blocked, but obviously the cause cannot be removed or suppressed - which is quite unfortunate. The "Location"-Attribute of the detections is making me nervous (ComSpec=C:\Windows\system32\cmd.exe seems pretty dangerous) - any idea how to track down the cause or the corrupt program/file (if there is any)? Any idea how to prevent those Exploit-Detections? Thanks in advance