Need a solution
Hello,
We regularly monitor firewall/HIPS activity with SEP in our environment thanks to the great reporting/alerting features, but I want to throw this one out here to make sure I'm not misunderstanding something:
The event description above begins "System Infected: ZeroAccess P2P Request attack blocked..." but the direction is inbound. We usually see this particular SID when a given machine is itself infected, not when there is an attempted infection by another host. Is "inbound" mis-labeled here or is this simply pointing out a blocked external attack?
Much thanks in advance, and good hunting everyone...