Yes, I need a solution
We have implemented the Symantec Web Gateway (virtual edition) in a monitoring only capacity using a span port. We have noticed a large number of Active Bot detections coming from internal IP Addresses. When we visit these computers, we are unable to detect any sort of infection whatsoever. We have used the tools available from Symantec (SEP 12.1, Power Eraser, SERT) as well as tools from other vendors and can't find anything wrong. Is it possible that the Active Bot detections are due to legitimate IP/Port scanning from things like Windows 7 / Mac OS X Network Discovery, Media Sharing, iTunes, etc?
Need help. This is driving us crazy.
Thank you,
-Craig