tomt007

ANSWERED Malicious Domain - False Positive ?

Working from home on a business laptop running Win 10 with MB and Office 13. Outlook was open and I was reviewing email when I received a MW Trojan alert from one of the emails. The difficult aspect is that the MW info does not identify what the email was.

Research on the IP indicates it's AWS - Miami DNS? The pardot.com is Salesforce.

I access Corp AWS accounts from both of my systems, but with a different email on Outlook for each system and no common email that I can identify. Is this a false positive on this IP?

Checking the MW logs I get the following: 

Work Laptop

Website blocked: 3:36 PM EST
CAT - Trojan
Domain: storage.pardot.com
IP: 13.32.80.42
Port: 64343
Type: Outbound
File: c:\Program Files\Microsoft Office15\OUTLOOK.EXE

Home WS

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 8/6/19
Protection Event Time: 4:45 PM
Log File: 1cd12586-b88b-11e9-982c-3417ebbf9797.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.586
Update Package Version: 1.0.11880
License: Trial

-System Information-
OS: Windows 10 (Build 17763.615)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: storage.pardot.com
IP Address: 13.32.80.42
Port: [58650]
Type: Outbound
File: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE


Hello,

Please run an update as this block was removed earlier and your update package is not the latest.

Thanks. 
