
geo-um.btrll.com Suspicious Activity

Hi,

We are getting a Suspicious web browsing activity report from Threat Prevention, and the URL that hits almost all users is geo-um.btrll.com. However, the action is showing as blocked and the category is Botnets.

Does anyone have an idea about this? What precautions do we need to take?

0 Kudos
3 Replies
Admin
Admin

Re: geo-um.btrll.com Suspicious Activity

First of all, this is a https://community.checkpoint.com/community/threat-prevention?sr=search&searchId=efab83ed-7362-4a86-b... topic.

Second, it depends on the nature of the traffic.

What's it showing in the logs?

0 Kudos
Sajid_Abbas
Nickel

Re: geo-um.btrll.com Suspicious Activity

Hi,

We are having this same issue and getting a lot of matches under the botnet category.

Is there an update that has been pushed, or anything else?

Sajid

0 Kudos

Re: geo-um.btrll.com Suspicious Activity

Hi,

I have gone through the detailed user activity report and found that during this time mostly advertising URLs were opened, which add pop-ups / cookies and redirect to other URLs, which is harmful.

This will not be caught by Antivirus, so we need to remove those processes & cookies to rectify things.

0 Kudos