2 replies

AnthonyH
Staff
October 15, 2024

Hello Tamiltk,

Could you further explain what is occurring? Are there any logs under Log & report -> Security Events -> IPS, about traffic being bypassed/blocked?

Tamiltk (Author)
Explorer
October 17, 2024

There wasn't any incident triggered on this subject. I just need an artifact that FortiGate IPS does support Covert Malware communication detection.

kaman
Staff
October 17, 2024

Hi Tamiltk,

From the IPS signatures' point of view, we have signatures to detect botnet communication, remote access tools, reverse shells, etc. To detect communications over covert channels, make sure an IPS sensor with all signatures is enabled with the default action, as it should detect and/or block these communications.

Please enable deep inspection, as most of the traffic is in the HTTPS protocol and needs to be decrypted.

If you have found a solution, please like and accept it to make it easily accessible to others.
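
The setup described in the reply above, sketched as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread; the sensor name `all-sigs-default` and the `<POLICY_ID>` placeholder are assumptions, and `deep-inspection` is the stock SSL/SSH inspection profile.

```fortios
# Added example (not from the thread). Names below are assumptions.

# IPS sensor: one filter entry covering every severity, each signature
# left on its own default action (pass or block), with logging on so
# matches appear under Log & Report -> Security Events.
config ips sensor
    edit "all-sigs-default"
        set comment "All signatures, default action"
        config entries
            edit 1
                set severity info low medium high critical
                set status enable
                set action default
                set log enable
            next
        end
    next
end

# Firewall policy: attach the sensor and decrypt HTTPS so signatures can
# inspect the payload. Replace <POLICY_ID> with the ID of the policy that
# carries the outbound traffic.
config firewall policy
    edit <POLICY_ID>
        set utm-status enable
        set ips-sensor "all-sigs-default"
        set ssl-ssh-profile "deep-inspection"
        set logtraffic all
    next
end
```

Deep inspection re-signs server certificates, so clients behind the policy need to trust the FortiGate's CA certificate or they will see certificate warnings.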