Hey Folks, We did some further investigation on that issue and it turned out that it was not related to an ATP pattern update. The cause for the issue happening is due to a botnet, that started to send UDP DNS pakets through malicious domains. Those DNS requests were detected by the ATP rather than being blocked by the packet filter. After the botnet stopped sending DNS requests which stopped ATP reporting the alerts. We are working to improve the paket handling that those kind of traffic will be detected before it reaches the ATP engine. Best regards, Dominic Schmidl
↧