Decoy files false-positives?
We are using CC behind a TZ370 with Firewall enforcement and network alerts setup.
On several network clients we get Firewall alerts on IPS/BAD-FILES:
After further investigation on the Firewall I managed to pull the responder IP addresses: 188.8.131.52, 184.108.40.206, 220.127.116.11
The IP addresses belong to "sonicwall.sentinelone.net"
We have the decoy files function enabled in CC, could this be CC trying to download decoy files?