06-07-2020 03:43 AM
Has anyone else started getting DNS sinkhole threat alerts for the below domain? About half a day ago I started getting a tonne of sinkhole alarms from our PA for this URL. It looks to be a legitimate Microsoft domain and IP. In the PA threat log it comes up as Spyware.
skypedataprdcolase04.cloudapp.net
The PA threat vault shows the below:
Anyone else seeing this and any word of why it is happening? I'm getting alerts all day and from a whole lot of different internal hosts.
Thanks
06-07-2020 02:56 PM
It seemed to eventually stop itself overnight. I did notice the threat ID disappeared from the threat DB a couple of hours before my post, so maybe it took time for the PA's to sync and stop triggering alerts? Seems to be OK now.
06-07-2020 06:51 AM
Same here, alerting around every 10 to 15 minutes.
06-07-2020 01:21 PM
i have got the same thing to today , was it solved from your end .
all seem legit for me .
06-07-2020 02:56 PM
It seemed to eventually stop itself overnight. I did notice the threat ID disappeared from the threat DB a couple of hours before my post, so maybe it took time for the PA's to sync and stop triggering alerts? Seems to be OK now.
06-08-2020 10:12 AM
The DNS Security signature was disabled on 06/05/2020 14:22 PDT, and the Anti-Spyware DNS signature is no longer present with 06/07's release of the Antivirus package version 3372-3883. Please upgrade to this version (or later) to have the signature removed.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
