Good day to you.
I have CAS alerts for blocked suspicious requests with an unknown source address, like the one below.
Virus/PUS: "Suspicious:Trojan.Script.Generic" found!
By investigation, I found the request is initiated from the proxy itself, not from any user.
Is there any clarification for that?
Thanks in advance.
I would like to know how you confirmed that the request is not initiated by a user. If there is no access log associated with this, then it could be a cache refresh attempt by the proxy. Check whether this file is already in the cache or not by following the article https://support.symantec.com/en_US/article.TECH241196.html.
You are right, the URL request was due to a cache refresh on the proxy.
I deleted it from the cache.
Many thanks for your response and usual support.