dec0der
New Member
August 11, 2016
Question

backdoor: China.Chopper.Webshell.Client.Connection (Inquiry)


Hello,

Our Fortinet product detected the following: backdoor: China.Chopper.Webshell.Client.Connection

I'd like to know how Fortinet interprets this alert. Does this mean Webshell traffic was/is detected and confirmed to be happening on the system, or is this just an alert that lets us know when "attempted" Webshell exploit activity is detected?

Thanks in advance!

    1 reply

    localhost
    Visitor III
    September 1, 2016

    Signature default is blocking for China Chopper.

    So if you didn't manually overwrite the action, it got blocked:

    The action should also be visible in your IPS Log on your FortiGate. Example from FortiAnalyzer:
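
Added example, not part of the reply above and not FortiAnalyzer output: a short Python triage of exported IPS log lines that separates events where this signature was blocked from events that were only logged. It assumes the key=value log format with `subtype`, `attack`, `action`, `srcip` and `dstip` fields and the action values listed in `BLOCKED`; verify both against your own FortiOS log reference. The sample lines are constructed.

```python
import shlex

# Assumption: action values that mean the IPS stopped the traffic.
# Anything else (for example "detected") is treated as logged only.
BLOCKED = {"dropped", "reset", "reset_client", "reset_server",
           "drop_session", "clear_session"}

SIGNATURE = "China.Chopper.Webshell.Client.Connection"


def parse_kv(line):
    """Split one key=value log line into a dict, honouring quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def triage(lines, signature=SIGNATURE):
    """Return (blocked, review) lists of parsed IPS events for one signature."""
    blocked, review = [], []
    for line in lines:
        ev = parse_kv(line)
        if ev.get("subtype") != "ips" or ev.get("attack") != signature:
            continue
        action = ev.get("action", "").lower()
        # Monitor-only or unknown actions go to review: the request may have
        # reached the web server, so that host needs to be checked.
        (blocked if action in BLOCKED else review).append(ev)
    return blocked, review


# Constructed sample lines (documentation IP ranges), not real log output.
SAMPLE = [
    'date=2016-08-11 time=09:14:02 type="utm" subtype="ips" srcip=198.51.100.7 dstip=203.0.113.10 action="dropped" attack="China.Chopper.Webshell.Client.Connection"',
    'date=2016-08-11 time=09:20:41 type="utm" subtype="ips" srcip=198.51.100.7 dstip=203.0.113.10 action="detected" attack="China.Chopper.Webshell.Client.Connection"',
    'date=2016-08-11 time=09:21:00 type="utm" subtype="ips" srcip=192.0.2.5 dstip=203.0.113.10 action="dropped" attack="Some.Other.Signature"',
    'date=2016-08-11 time=09:22:10 type="traffic" subtype="forward" srcip=192.0.2.5 dstip=203.0.113.10 action="accept"',
]

if __name__ == "__main__":
    blocked, review = triage(SAMPLE)
    for ev in blocked:
        print("blocked:", ev["time"], ev["srcip"], "->", ev["dstip"], ev["action"])
    for ev in review:
        print("REVIEW :", ev["time"], ev["srcip"], "->", ev["dstip"], ev["action"])
```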