This morning a few users are triggering a web filter alert. Pages they are visiting such as msn.com or yahoo.com shows compromised host detected. Referring to loadm.exelator.com. I since then blocked the url from our end to prevent access to it. Ran a scan on the computers and came back clean. Any suggestions?
We saw this domain come up as IOCs against a few users over the last 24 hours, all blocked by web filter. It looks like some malvertisements on news websites.
If you had some successful sessions I would suggest to investigate the users browsers.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.