Anti-bot events today 12-19

Anyone else running into a bunch of anti-bot detection events today? All of a sudden we have 80+ clients logging anti-bot detection events. Services flagged are svchost/chrome/IE. 

Most are tagged as Phising_website.bynzq

Trying to work with support, but they seem overwhelmed and don't have anyone available. 

Curious if anyone else has seen these today. 

Admin

Re: Anti-bot events today 12-19

Can you send me the TAC case you opened in a PM?

Re: Anti-bot events today 12-19

Sent a message.

As an update, it appears all of the events are trying to go to the same destination:

  ord30s26-in-f238.1e100.net    (216.58.192.238)

That appears to be a Google-hosted site, and VirusTotal has it checked as clean. Not sure why Endpoint is flagging that activity; it looks like a false positive, but I'm trying to verify that.

Admin

Re: Anti-bot events today 12-19

Can you post a screenshot of the blocks you're seeing?

Re: Anti-bot events today 12-19 (Accepted Solution)

Turns out it was indeed a false positive that impacts all versions of the clients. Will be fixed in version 80.90 I guess. The fix I was given was to update all the clients to that version whenever it comes out.

Apparently R&D found out about it yesterday afternoon, sadly that didn't get shared with support or Incident Response until overnight. 

Admin

Re: Anti-bot events today 12-19

I was told the same thing through my contacts.