Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Anti-Virus Alerts Trojan Blocked

Anyone else seeing these today?

Gateway Anti-Virus Alert: (Cloud Id: 84647956) Agent.FL (Trojan) blocked.

SonicOS 7.0.1-5119-R4713 (2CB8-EDD9-B520)

I'm getting them every couple of minutes coming from Windows computers. We haven't looked at the PCs yet. Hoping this is a false positive due to updates or something.

Source IPs include Akami and Level 3 communications which are both CDNs so we aren't super concerned yet.

Just wanted to see if anyone else is seeing this today. 07/07/2023 - Started about 3:00 am Pacific time.

Category: Entry Level Firewalls
Reply

Answers

  • xenophontxxenophontx Newbie ✭

    Getting the same thing but from only a single computer. Just so happens to be the only Windows 11 computer.

  • James_HJames_H Newbie ✭

    Thought I would add some of the source IP's involved.

    69.164.40.8 - Limelight Networks - https-69-164-40-8.bfi.llnw.net 

    72.21.81.240 - Edgecast Inc.

    8.252.111.254 - Level 3 Communications, Inc.

    8.240.39.126 - Level 3 Communications, Inc.

    209.197.3.8 - StackPath LLC

  • James_HJames_H Newbie ✭

    Ours are also coming from Windows 11 PCs. Just 2 of them currently and we have about 100 running Win 11.

  • OldGeeOldGee Newbie ✭
    edited July 2023

    We are getting this too from just one computer as well (Windows 10). We have 69.164.40.8  today but last week it was 209.197.3.8, which I researched and found someone saying it's a Microsoft Defender update server.

    Edit: According to https://otx.alienvault.com/indicator/ip/69.164.40.8 this is associated with Microsoft update URL, but also malicious detections.

  • James_HJames_H Newbie ✭

    These alerts stopped coming in for us on the evening of the the 7th. I think they must have been false positives. We never really found the cause.

Sign In or Register to comment.