
Blocked website notification



Hi all,

Keep getting the same notification on different servers multiple times per day.

 

Alert Time: 10/03/2017 11:15:57

Server Hostname: SERVER

Server IP: 192.168.0.254

Notification Catalog: Client

Description:

Malware threat detected, see details below:

10/03/2017 11:15:41       SERVER 192.168.0.254     Type: incoming, Port: 3389, Process: svchost.exe              Blocked web site         37.139.50.3

10/03/2017 11:15:49       SERVER 192.168.0.254     Type: incoming, Port: 3389, Process: svchost.exe              Blocked web site         37.139.50.3

10/03/2017 11:15:49       SERVER 192.168.0.254     Type: incoming, Port: 3389, Process: svchost.exe              Blocked web site         37.139.50.3


Hi CallumD, those logs show Anti-Malware's web blocker preventing access to an IP known to host malicious content. With the name "SERVER" and the process being svchost, I am assuming this 192.168.0.254 is one of your DNS servers? Also, the port is a higher number and the type is incoming. All this together, to me, looks like one of your users has a malicious ad loading on a webpage they are visiting. I don't believe this to be an infection, but you can double check that by finding out what user this is and scanning their machine (you will likely need a traffic sniffer to watch for that IP so you can find out who it is). Otherwise, there's nothing to really do; Anti-Malware is doing its job perfectly here.

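Added example, not part of the thread and not the product's own tooling: a short Python parser for the detail lines of the alert quoted in the first post, grouping repeated notifications by host, direction, port, process and remote IP so that alerts arriving from several servers can be compared. The field layout is inferred from the three lines in the post, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Assumed layout, inferred from the alert in the thread:
# <date> <time> <host> <host ip> Type: <dir>, Port: <n>, Process: <exe> <action> <remote ip>
LINE_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<host>\S+)\s+(?P<host_ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"Type:\s*(?P<direction>\w+),\s*Port:\s*(?P<port>\d+),\s*"
    r"Process:\s*(?P<process>\S+)\s+(?P<action>.+?)\s+"
    r"(?P<remote_ip>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

# Lines copied from the alert in the first post (two header lines, three detail lines).
SAMPLE = """\
Alert Time: 10/03/2017 11:15:57
Malware threat detected, see details below:
10/03/2017 11:15:41       SERVER 192.168.0.254     Type: incoming, Port: 3389, Process: svchost.exe              Blocked web site         37.139.50.3
10/03/2017 11:15:49       SERVER 192.168.0.254     Type: incoming, Port: 3389, Process: svchost.exe              Blocked web site         37.139.50.3
10/03/2017 11:15:49       SERVER 192.168.0.254     Type: incoming, Port: 3389, Process: svchost.exe              Blocked web site         37.139.50.3
"""

def parse_line(line):
    """Return the fields of one detail line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["port"] = int(event["port"])
    return event

def summarize(text):
    """Group detail lines; return (groups, number of non-blank lines that were skipped)."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            skipped += 1  # header text or an unknown layout
            continue
        key = (ev["host"], ev["direction"], ev["port"], ev["process"], ev["remote_ip"])
        stamp = f'{ev["date"]} {ev["time"]}'  # kept as text: day/month order is ambiguous
        g = groups[key]
        g["count"] += 1
        g["first"] = g["first"] or stamp  # lines are assumed to be in time order
        g["last"] = stamp
    return dict(groups), skipped

if __name__ == "__main__":
    for key, g in summarize(SAMPLE)[0].items():
        print(key, g)
```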
