Hello,
We've been getting these warnings for a month or 2 now from our Firepower appliance. Searching online there is not a lot of clear results but on a few forums some people say it's a false positive and has something to do with Windows Updates. Any thoughts on this? I've done a whois lookup and the IP addresses are from our ISP. What is going on here?
Here are the complete notifications we are getting:
[1:48053:1] "BROWSER-IE Microsoft Edge App-v vbs command attempt" [Impact: Vulnerable] From "ASA-5508-SFR" at Tue Oct 20 01:17:19 2020 UTC [Classification: Attempted User Privilege Gain] [Priority: 1] {tcp} 205.185.216.10:80 (united states)->192.168.1.150:51061 (unknown)
[1:48053:1] "BROWSER-IE Microsoft Edge App-v vbs command attempt" [Impact: Vulnerable] From "ASA-5508-SFR" at Tue Oct 20 01:10:30 2020 UTC [Classification: Attempted User Privilege Gain] [Priority: 1] {tcp} 205.185.216.42:80 (united states)->192.168.1.150:51031 (unknown)
[1:48053:1] "BROWSER-IE Microsoft Edge App-v vbs command attempt" [Impact: Vulnerable] From "ASA-5508-SFR" at Tue Oct 20 01:20:26 2020 UTC [Classification: Attempted User Privilege Gain] [Priority: 1] {tcp} 64.126.3.75:80 (united states)->192.168.1.150:51077 (unknown)
related post: https://www.reddit.com/r/meraki/comments/hs08sg/microsoft_edge_appv_vbs_command_attempt_for/
Any suggestions on what actions I should take to resolve this? I've attempted to manually install the update mentioned in the post and it says it's not applicable to my system. Thanks!
No comments:
Post a Comment