
[ES] After being infected by the Purple Fox malware, the endpoint initiates malicious outbound connections, but ES is unable to terminate them.

Problem Description

ES keeps raising advanced threat alerts for outbound connections, but scans return no results.

Effective Troubleshooting Steps

  1. Confirm that the corresponding port on the endpoint exists and that the process holding it is using a relatively high amount of resources.
  2. Run fltmc from cmd. If a filter is listed at altitude 429999, the infection is highly likely to be the Purple Fox virus.
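
The check in step 2, run over fltmc output collected from several endpoints, as an added example that is not part of the original article or of Sangfor tooling. The host names, filter names and captures are constructed; only the altitude 429999 comes from the steps above.

```python
import re

SUSPECT_ALTITUDE = "429999"  # altitude named in the troubleshooting steps above

# Constructed fltmc captures; host and filter names are illustrative, not real IoCs.
HEADER = (
    "Filter Name                     Num Instances    Altitude    Frame\n"
    "------------------------------  -------------  ------------  -----\n"
)
CAPTURES = {
    "HOST-A": HEADER
    + "examplefilter                           1       429999         0\n"
    + "WdFilter                                5       328010         0\n",
    "HOST-B": HEADER
    + "WdFilter                                5       328010         0\n"
    + "examplefraction                         2       429999.5       0\n"
    + "examplelegacy                                                <Legacy>\n",
}

# Columns: filter name, instance count, altitude (may be fractional), frame.
ROW = re.compile(
    r"^(?P<name>\S.*?)\s+(?P<instances>\d+)\s+"
    r"(?P<altitude>\d+(?:\.\d+)?)\s+(?P<frame>\d+)\s*$"
)

def parse_fltmc(text):
    """Return one dict per minifilter row; header, separator and legacy rows are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def suspect_filters(text, altitude=SUSPECT_ALTITUDE):
    """Names of filters at exactly `altitude`; string comparison keeps 429999.5 from matching."""
    return [row["name"] for row in parse_fltmc(text) if row["altitude"] == altitude]

def triage(captures):
    """Map host -> suspect filter names, listing only hosts with a hit."""
    hits = {host: suspect_filters(text) for host, text in captures.items()}
    return {host: names for host, names in hits.items() if names}

if __name__ == "__main__":
    for host, names in triage(CAPTURES).items():
        print(f"{host}: filter(s) at altitude {SUSPECT_ALTITUDE}: {', '.join(names)}")
```

A hit marks the endpoint for the disposal described under Solution; per the steps above it is a strong indicator, not a confirmation.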

Solution

ES is currently unable to handle the Purple Fox virus. Consult EScs to obtain the dedicated Purple Fox removal tool for disposal.

Original Link

https://support.sangfor.com.cn/cases/list?product_id=16&type=1&category_id=2795&isOpen=true