
Possible false positives - few sites hxxp:\\ 34.230.127.91



Morning - MWB Detection gave a blocked website result for the following sites:

1. </34.230.127.91/> on port 56230 launched from AvastBrowser.exe - VirusTotal results for a scan of the IP address returned "Clean" for all engines.
2. </199.80.54.74/> on port 57938 launched from msedge.exe - VirusTotal results for a scan of the IP address returned 1 engine registered a "malware" result.
3. </192.243.59.20/> on port 62961 launched from msedge.exe - VirusTotal results for a scan of the IP address returned 1 engine registered a "suspicious" result.
4. </gz06x5tqlj.com/> launched from msedge.exe - VirusTotal results for a scan of the IP address returned 1 engine registered a "malware" result / 1 engine registered a "suspicious" result.

See images attached.

VirusTotal-results-34_230_127_91.JPG

VirusTotal-results-192_243_59_20.JPG

VirusTotal-results-199_80_54_74.JPG

VirusTotal-results-gz06x5tqlj_com.JPG


Kevin - thanks for this feedback.

We're using EPP Cloud, so the first set of steps will need to be scheduled from the management console.

I will try and get those logs to you later today.

The person is doing video editing/rendering using free online tools on certain sites; those sites, however, have pop-up ads, and it is these that are being blocked by MWB endpoint protection.
