[ES] Accessing Malicious Domain After Installing ES

Problem Description

After ES is installed, the terminal (endpoint) is observed accessing malicious domain names.

Alarm Information

Effective Troubleshooting Steps

Run botnet (zombie network) detection and removal tools on the terminal; no abnormal processes are found. Capture packets with Wireshark; the capture confirms that the terminal is indeed continuously accessing the malicious domains. Check the ES Manager policy; a "terminal violation external access protection" (illegal outbound connection prevention) policy is configured, and the domain name configured in that policy is the same as the malicious domain name being accessed.
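The last step above, comparing the domains seen in the capture against the probe domains configured in the policy, can be scripted so that only traffic the policy does not explain is left to investigate. This is an added example, not Sangfor's code; the one-domain-per-line input format and every domain name below are constructed assumptions, not values from the case.

```python
"""Correlate domains queried in a packet capture with the probe domains of an
ES Manager "violation external access protection" policy.
Added example, not Sangfor's code. Input format (one domain per line) and
both sample lists are constructed assumptions, not taken from the case."""

# Constructed: domain names seen in the DNS queries of the Wireshark capture.
CAPTURED_QUERIES = """
update.vendor.example
evil-c2.example
www.evil-c2.example
notevil-c2.example
time.corp.example
cdn.beacon.example
"""

# Constructed: domains configured as probe targets in the ES Manager policy.
POLICY_DOMAINS = """
evil-c2.example
beacon.example
"""

def normalize(domain: str) -> str:
    """Lower-case and strip the trailing dot Wireshark may show on FQDNs."""
    return domain.strip().lower().rstrip(".")

def matches_policy(query: str, policy_domain: str) -> bool:
    """True if `query` is the policy domain itself or one of its subdomains.
    Matching respects label boundaries, so notevil-c2.example does NOT
    match the policy domain evil-c2.example."""
    q, p = normalize(query), normalize(policy_domain)
    return q == p or q.endswith("." + p)

def classify(captured: str, policy: str) -> dict:
    """Split captured queries into those explained by an ES probe-policy
    domain (with the matching policy entry) and those still unexplained."""
    policy_list = [normalize(d) for d in policy.split() if d.strip()]
    explained, unexplained = [], []
    for raw in captured.split():
        q = normalize(raw)
        hit = next((p for p in policy_list if matches_policy(q, p)), None)
        (explained if hit else unexplained).append((q, hit))
    return {"explained": explained, "unexplained": unexplained}

if __name__ == "__main__":
    result = classify(CAPTURED_QUERIES, POLICY_DOMAINS)
    for q, p in result["explained"]:
        print(f"explained by policy probe domain {p}: {q}")
    for q, _ in result["unexplained"]:
        print(f"not covered by policy, investigate: {q}")
```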

Root Cause

Note: The violation prevention mechanism for external connections works by having the ES client actively probe whether the terminal can reach the configured domain name, rather than by intercepting connections to it after the fact. The continuous access to the malicious domain seen in the capture is therefore generated by the ES client's own probes, not by a malicious process on the terminal.

Solution

The issue is resolved after removing the malicious domain from the detection configuration in the policy.

Original Link

https://support.sangfor.com.cn/cases/list?product_id=16&type=1&category_id=2688&isOpen=true