Hi
When SEP are logging an Intrusion Prevention Critical 24 event..
Two things:
1. The event is more "informational" since there is no way of getting the nessecary information to act on it.
2. We need mote information: Web Attack: Fake Tech Support Website 295 attack blocked. Traffic has been blocked for this application: C:\WINDOWS\SYSTEM32\DNS.EXE - Since the traffic is blocked inbound to the DNS - we have noe trace on it for the URL/records beeing requested. And the Symantec logging is not showing any information about the URL/Record blocked..
We need mote insight in what have been blocked.
TechSupport Case: Case Number 28986369
Regards,
Audun