Anti-Virus Alerts Trojan Blocked
James_H
Anyone else seeing these today?
Gateway Anti-Virus Alert: (Cloud Id: 84647956) Agent.FL (Trojan) blocked.
SonicOS 7.0.1-5119-R4713 (2CB8-EDD9-B520)
I'm getting them every couple of minutes coming from Windows computers. We haven't looked at the PCs yet. Hoping this is a false positive due to updates or something.
Source IPs include Akamai and Level 3 Communications, which are both CDNs, so we aren't super concerned yet.
Just wanted to see if anyone else is seeing this today. 07/07/2023 - Started about 3:00 am Pacific time.
Category: Entry Level Firewalls
Answers
Getting the same thing but from only a single computer. Just so happens to be the only Windows 11 computer.
Thought I would add some of the source IPs involved.
69.164.40.8 - Limelight Networks - https-69-164-40-8.bfi.llnw.net
72.21.81.240 - Edgecast Inc.
8.252.111.254 - Level 3 Communications, Inc.
8.240.39.126 - Level 3 Communications, Inc.
209.197.3.8 - StackPath LLC
Ours are also coming from Windows 11 PCs. Just 2 of them currently and we have about 100 running Win 11.
We are getting this too from just one computer as well (Windows 10). We have 69.164.40.8 today but last week it was 209.197.3.8, which I researched and found someone saying it's a Microsoft Defender update server.
Edit: According to https://otx.alienvault.com/indicator/ip/69.164.40.8 this is associated with a Microsoft update URL, but also malicious detections.
These alerts stopped coming in for us on the evening of the 7th. I think they must have been false positives. We never really found the cause.