11-27-2024 09:04 PM
Hello Friends
Our XDR system recently reported a lot of these warnings: "Abnormal Recurring Communications to a Rare Domain to a Suspicious Autonomous System (AS)". The information from XDR shows that the user's computer has queried a website through Google Chrome or MS Edge. The investigation activity gets the user's access information that they have accessed and not accessed those website addresses.
This warning keeps appearing, so how can we turn it off, or how can we find the exact cause of why this warning is there?
Thank you.
11-29-2024 05:39 AM
XDR should be telling you the actual domain, does it not? This would usually start as a pretty typical check of the endpoint; verifying that the user doesn't have any malicious extensions added and removing any of the websites that they may have granted notification access to would be the first things that I would check.
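The two endpoint checks suggested in the reply above (installed extensions and sites granted notification access), as an added example that is not part of the original thread or of any XDR product. It reads a Chrome profile's `Preferences` JSON; the key layout, the `audit_profile` and `origin_host` names, and the sample data are assumptions made for illustration.

```python
import json

# Constructed sample of a Chrome profile "Preferences" file (JSON).
# The key layout is an assumption based on Chrome's on-disk profile format;
# on Windows, extension entries may live in "Secure Preferences" instead.
SAMPLE_PREFS = json.loads("""
{
  "profile": {"content_settings": {"exceptions": {"notifications": {
    "https://push.rare-domain.test:443,*": {"setting": 1},
    "https://news.example.test:443,*": {"setting": 2},
    "https://[*.]intranet.example.test:443,*": {"setting": 1}
  }}}},
  "extensions": {"settings": {
    "aaaabbbbccccddddeeeeffffgggghhhh": {
      "from_webstore": false, "state": 1,
      "manifest": {"name": "PDF Helper", "permissions": ["webRequest", "<all_urls>"]}
    }
  }}
}
""")

def origin_host(pattern):
    """Reduce a content-settings key such as 'https://host:443,*' to its host."""
    primary = pattern.split(",", 1)[0]
    host = primary.split("://", 1)[-1].replace("[*.]", "")
    return host.split("/", 1)[0].rsplit(":", 1)[0].lower()

def audit_profile(prefs, alert_domains):
    """List notification grants and extensions; flag grants matching alert domains."""
    alerts = {d.lower().strip(".") for d in alert_domains}
    grants = (prefs.get("profile", {}).get("content_settings", {})
                   .get("exceptions", {}).get("notifications", {}))
    # setting 1 = allow, 2 = block (assumed encoding)
    allowed = sorted(origin_host(p) for p, v in grants.items() if v.get("setting") == 1)
    matches = [h for h in allowed
               if any(h == d or h.endswith("." + d) for d in alerts)]
    exts = [
        {"id": ext_id,
         "name": e.get("manifest", {}).get("name", "?"),
         "from_webstore": e.get("from_webstore"),
         "permissions": e.get("manifest", {}).get("permissions", [])}
        for ext_id, e in prefs.get("extensions", {}).get("settings", {}).items()
    ]
    return {"notification_allowed": allowed, "alert_matches": matches, "extensions": exts}

if __name__ == "__main__":
    print(json.dumps(audit_profile(SAMPLE_PREFS, {"rare-domain.test"}), indent=2))
```

To use it on a real endpoint, load the profile's `Preferences` file with `json.load` and pass the domains named in the XDR alerts as `alert_domains`.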
12-04-2024 05:19 PM
Hello BPry
Thanks for your reply.
Yes, the domain name is in the notifications. We checked the endpoints' browsers; most alerts are from Google Chrome, and we found that no domain in the alerts has been granted notification access, and there is no extension installed on the browser.