Getting a bunch of Gateway AV alerts in the last half hour - sig 22097568
Gotten this from two machines in the last half hour, searching the SW sig database shows no results.
09/21/2022 22:24:21 - 809 - Security Services - Alert - 220.127.116.11, 80, X1 - 192.168.1.68, 56574, X0 - Gateway Anti-Virus Alert: (Cloud Id: 22097568) Dropper.GEN (Trojan) blocked.
virus scans on the machines are clean, and the three sets of alerts are to CDNs:
18.104.22.168 is limelight.com
22.214.171.124 is edgecast.com
126.96.36.199 is stackpath.com
This feels like a false positive to me? Any other users seeing this? Any thoughts?