Gaurav_Pandya
Advisor

geo-um.btrll.com Suspicious Activity

Hi,

We are getting a Suspicious web browsing activity report from Threat Prevention, and the URL which hits almost all users is geo-um.btrll.com. However, the action is showing as blocked and the category is Botnets.

Does anyone have an idea about this? What precautions do we need to take?

0 Kudos
3 Replies
PhoneBoy
Admin

First of all, this is a https://community.checkpoint.com/community/threat-prevention?sr=search&searchId=efab83ed-7362-4a86-b... topic.

Second, it depends on the nature of the traffic.

What's it showing in the logs?

0 Kudos
Sajid_Abbas
Contributor

Hi,

We are having this same issue and getting a lot of matches under the botnet category.

Is there an update that has been pushed, or anything else?

Sajid

0 Kudos
Gaurav_Pandya
Advisor

Hi,

I have gone through the detailed user activity report and found that during this time mostly advertising URLs were opened, which add popups / cookies and redirect to other URLs, which is harmful.

This will not be caught by Antivirus, so we need to remove those processes & cookies to rectify things.

0 Kudos
