06-11-2021 09:42 AM
We are investigating alerts of this DNS signature for x1.c.lencr.org.
I'd expect that a match for a clear text string in a DNS Request that it is very unlikely this is a false detection.
However to get alerts so quickly after this signature creation, suggests we are either very unlucky or a very common public internet resource if causing this fly-by access. Anyone else receiving this threat alert shortly after an apparent WF update.