Endpoint Security Complete

Malicious traffic blocked for iexplore.exe

    Posted Jan 14, 2021 05:30 PM

    Hi all, on accessing a website for watching cameras, I get this message:

    Note: before installing the antivirus you could enter without problems.
    ___________________________________________________________________________________________________________-

    DESCRIPTION: Malicious traffic blocked for iexplore.exe, threat URL reputation: Browser navigation to known bad URL.

    • MESSAGE: [SID: 60501] URL reputation: Browser navigation to known bad URL attack blocked. Traffic has been blocked for this application: C:\Program Files (x86)\Internet Explorer\iexplore.exe
    • EVENT TYPE ID: 8040: Host Network Detection Event
    • CATEGORY: 1: Security
    • TIME: Jan 14, 2021 09:03:26 AM
    • FEATURE NAME: NETWORK_IPS
    • DISPOSITION: 1: Blocked
    • DEVICE NAME: ws-tlc01
    • DEVICE IP: 0.0.0.0
    • DEVICE GROUP: Default
    • DEVICE DOMAIN: domain.net
    • POLICY NAME: Default Intrusion Prevention Policy
    • THREAT NAME: URL reputation: Browser navigation to known bad URL
    • ON PREMISES: false
    • DEVICE LOCATION DESC: Default

    Device
    Device Name: ws-tlc01
    Device Domain: domain.net
    Device Group: Default
    Device IP: 0.0.0.0
    Device Mac: ---
    Device OS Name: Windows 10 Professional Edition
    Device Virtual Host Type: ---
    Device OS Type: ---
    Location: ---
    On Premises: false
    Device Location Desc: Default
    User: user01

    Actor Process
    Actor File Name: iexplore.exe
    Actor File Path: c:\program files (x86)\internet explorer\iexplore.exe
    Actor File Normalized Path: ---
    Actor File SHA1: 6BD522A0F1B3F5C11E8E33C5062C45DD6E402113
    Actor File MD5: 2E414291458B49ACDA42C80A4C10DE7E
    Actor File Created: Dec 7, 2019 04:10:07 PM
    Actor File Modified: ---
    Actor Command Line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:11796 CREDAT:17410 /prefetch:2
    Actor Process Id: 11760
    Actor Process Session Id: 3
    Actor Integrity Id: ---
    Actor User Name: ---
    Actor App Name: ---
    Actor File Company Name: Microsoft Corporation
    Actor File Signature Value Ids: ---
    Signature Level: ---

    Parent Process
    Parent Process Name: iexplore.exe
    Parent File Path: c:\program files\internet explorer\iexplore.exe
    File Normalized Path: ---
    Parent Process SHA2: F76F00939F1BE76152809C37591EF75D3C150745232E35697D99CAE09E31C2BC
    Parent File Sha1: 9ED866E14BB54406C075929183524039AB851A25
    Parent File Md5: 6BFE7CA23C89FD5809A48355EC5625EE
    Parent File Created: Dec 7, 2019 04:10:07 PM
    Parent File Folder: c:\program files\internet explorer\
    Parent Cmd Line: "C:\Program Files\Internet Explorer\iexplore.exe" "http://www.123test.com"
    Parent Pid: 11796
    Parent Process Session Id: 3
    File Signature Company Name: Microsoft Corporation
    _______________________________________________________________-

    How can I fix it?

    Thanks.