Appliance gives loopback address for endpoint
This appliance was just installed weeks ago so we're still learning. We got a notice from the appliance:
03/16/2021 7:39:55 PM UTC
127.0.0.1 may have downloaded a malicious file. The endpoint may need to be cleaned.
Curious why it gives a loopback address? Viewing the full report does give an endpoint PC that likely downloaded the file. I guess technically the appliance DID download the file and forwarded it.