Contributor

AdBlock & IPS - Multiple Websites Mine Cryptocurrencies CPU Hijacking

Hi All,

 

For a few weeks now, it seems that AdBlock updates have been recognized as "Multiple Websites Mine Cryptocurrencies CPU Hijacking" by TP.

Have you already seen the same behaviour?

 

Time: 2021-01-13T13:30:17Z
Interface Direction: inbound
Threat Prevention Policy Date:2021-01-13T04:05:23Z
Source Port: 62680
Destination Country: United States
Destination: 104.22.66.219
Destination Port: 443
IP Protocol: 6
Session Identification Number:0x5ffef5e9,0x2a,0x9149db70,0xe25c3ad1
Policy Rule UID: 840ff45c-3225-47ab-af3d-3c11e18b4b9a
Threat Prevention Rule Id: 63785ED7-4343-4087-BC81-2D07DA2AD779
Reject Id Kid: 5ffef5e9-29-9149db70-e25c3ad1
Ser Agent Kid: Chrome
Action: Prevent
Type: Log
Policy Date: 2021-01-13T09:12:49Z
Blade: IPS
Service: TCP/443
Product Family: Threat
Action: Inspect
Resource: https://filters.adtidy.org/extension/ublock/filters/16.txt?_=1
Duplicated: 1
Index Time: 2021-01-13T13:31:18Z
Lastupdateseqnum: 85
Attack Name: Web Server Enforcement Violation
Attack Information: Multiple Websites Mine Cryptocurrencies CPU Hijacking
Protection Name: Multiple Websites Mine Cryptocurrencies CPU Hijacking
Protection ID: asm_dynamic_prop_MINE_CPU_HIJACK
Severity: Critical
Confidence Level: Medium
Performance Impact: Medium
Protection Type: IPS
Description Url: MINE_CPU_HIJACK_help.html
Suppressed Logs: 1
Sent Bytes: 1610
Received Bytes: 25470
Bytes (sent\received): 1.6 KB \ 24.9 KB

 

Thank you

Nicolas

3 Replies
Champion

Did you already point this out to TAC in a Content Classification Service Request?

Contributor

Hi,

I tried but they forwarded me to a long and annoying SK... sk98820.

We have the same behaviour in multiple infra, so I guess we are not the only ones to have this false positive.

They didn't agree to try a reproduction in the lab 😞

 

 

Contributor

I've the exact same problem...
