Hi all, I found that some hosts are found under Compromised Hosts.
1. Does it mean it is infected by malware? I scanned with AV and got nothing
2. One record show nylon.com is SpywareCnC but I checked it is a fashion website. Is it false alarm?
[link]http://nylon.com[/link]
Thank you!!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You check suspicious websites not on a FGT alone - use the 'net to get a picture what others say about it. If you really know that the rating is wrong you can challenge Fortinet to adjust their rating. Usually it only takes a short time until they respond.
A host may be compromised because of an AV event, but also IPS, Webfilter, SPAM, AppControl...this should be noted in the UTM logs.
Hello,
One questions, do you have a valid IOC license ? Or are you using the demo license?
Cheers
Hi brazz_FTNT ,
In relation to this topic, our FortiAnalyzer uses the Demo one.
And we also have some compromised hosts displayed. But show as blocked.
I see that there is Ack. Im not sure if we need to Acknowledge these.
Thanks for the advise.
Cheers :D
I using demo license only. thanks!
When it comes to "Compromised Hosts," it doesn't necessarily mean the site is infected with malware, but it could indicate potential vulnerabilities. It's good that you've scanned with AV software, but it's always worth checking other security tools to be sure. Sometimes, websites can be flagged incorrectly, especially if there’s any suspicious activity associated with them, like unusual traffic patterns or links. As for the nylon.com case, it’s possible it’s a false alarm, but I’d still recommend using additional layers of protection, like a firewall, or monitoring the site for any unusual behavior.
Staying proactive with security measures and regularly updating your software can help prevent potential risks in the future.
1. The term "compromised hosts" typically indicates that the hosts have exhibited suspicious or malicious behavior, which could suggest a security breach or compromise. Running an antivirus scan that comes back clean does not guarantee that the host is free from all types of malware. It's recommended to conduct a thorough security assessment beyond just antivirus scans to ensure the host's integrity.
2. If a legitimate website like nylon.com is flagged as "spywarecnc" in your security assessment, it could be a false positive. Sometimes security tools may incorrectly flag benign websites due to various reasons like outdated threat intelligence or misinterpretation of website behavior. You can further investigate by checking multiple reputable sources or contacting the website owner to confirm if it's a false alarm
Compromised hosts doesn’t always mean a host is infected with malware, but it does suggest that the device might be behaving suspiciously.
It could be due to unusual traffic, failed login attempts, or other indicators that it could be compromised.
AV scans alone might not catch everything, so you may need to look for other signs, like unusual network activity.
Nylon.com being flagged as "SpywareCnC" could be a false positive, especially if it’s a legitimate website like you mentioned.
Sometimes, security systems flag websites incorrectly.
It’s a good idea to double-check using other tools (like a URL scanner or threat intelligence site) to confirm if it’s safe.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.