false positive?

Edwin

We had these log entries this morning when we came in. I think this is a false positive. But I don't want to exclude this cloud id yet. Can anyone confirm that this is a false positive? We looked at the event log and concluded that it was Microsoft update + microsoft defender.

12/03/2023 07:28:05 - 809 - Security Services - Alert - 104.110.191.184, 80, X1 - 10.0.0.6, 58617, X2:V2 - Gateway Anti-Virus Alert: (Cloud Id: 67452589) XPACK.GEN (Trojan) blocked.

12/03/2023 07:28:05 - 809 - Security Services - Alert - 104.110.191.184, 80, X1 - 10.0.0.6, 58618, X2:V2 - Gateway Anti-Virus Alert: (Cloud Id: 67452589) XPACK.GEN (Trojan) blocked.

12/03/2023 07:28:15 - 809 - Security Services - Alert - 104.110.191.184, 80, X1 - 10.0.0.6, 58620, X2:V2 - Gateway Anti-Virus Alert: (Cloud Id: 67452589) XPACK.GEN (Trojan) blocked.

12/03/2023 07:28:15 - 809 - Security Services - Alert - 104.110.191.184, 80, X1 - 10.0.0.6, 58621, X2:V2 - Gateway Anti-Virus Alert: (Cloud Id: 67452589) XPACK.GEN (Trojan) blocked.

12/03/2023 07:28:18 - 809 - Security Services - Alert - 104.110.191.198, 80, X1 - 10.0.0.6, 58622, X2:V2 - Gateway Anti-Virus Alert: (Cloud Id: 67452589) XPACK.GEN (Trojan) blocked.

12/03/2023 07:28:28 - 809 - Security Services - Alert - 104.110.191.198, 80, X1 - 10.0.0.6, 58624, X2:V2 - Gateway Anti-Virus Alert: (Cloud Id: 67452589) XPACK.GEN (Trojan) blocked.

12/03/2023 07:43:19 - 809 - Security Services - Alert - 2.18.121.202, 80, X1 - 10.0.0.7, 49992, X2:V2 - Gateway Anti-Virus Alert: (Cloud Id: 67452589) XPACK.GEN (Trojan) blocked.

12/03/2023 07:43:19 - 809 - Security Services - Alert - 2.18.121.71, 80, X1 - 10.0.0.7, 49993, X2:V2 - Gateway Anti-Virus Alert: (Cloud Id: 67452589) XPACK.GEN (Trojan) blocked.

12/03/2023 07:43:29 - 809 - Security Services - Alert - 2.18.121.202, 80, X1 - 10.0.0.7, 49999, X2:V2 - Gateway Anti-Virus Alert: (Cloud Id: 67452589) XPACK.GEN (Trojan) blocked.

12/03/2023 07:43:29 - 809 - Security Services - Alert - 2.18.121.71, 80, X1 - 10.0.0.7, 49998, X2:V2 - Gateway Anti-Virus Alert: (Cloud Id: 67452589) XPACK.GEN (Trojan) blocked.

12/03/2023 07:43:33 - 809 - Security Services - Alert - 2.18.121.71, 80, X1 - 10.0.0.7, 50000, X2:V2 - Gateway Anti-Virus Alert: (Cloud Id: 67452589) XPACK.GEN (Trojan) blocked.

12/03/2023 07:43:43 - 809 - Security Services - Alert - 2.18.121.71, 80, X1 - 10.0.0.7, 50002, X2:V2 - Gateway Anti-Virus Alert: (Cloud Id: 67452589) XPACK.GEN (Trojan) blocked.

12/03/2023 07:43:43 - 809 - Security Services - Alert - 104.110.191.184, 80, X1 - 10.0.0.7, 50005, X2:V2 - Gateway Anti-Virus Alert: (Cloud Id: 67452589) XPACK.GEN (Trojan) blocked.

BWC

@Edwin check this thread for some suggestions. It's Akamai and most likely Windows Update related.

https://community.sonicwall.com/technology-and-support/discussion/5581/is-this-message-indicative-of-a-false-positive-it-started-last-night-so-i-shut-down-the-pc

--Michael@BWC