We recently implemented Cisco Umbrella and have a variety of sites blocked like a typical corporate environment. There are several computers that are frequently reaching out to numerous blocked sites, some on the list are: zillow.com, snapchat.com, etsy.com, youtube.com, myspace.com, netflix.com, facebook.com, target.com. All of these sites get hit and blocked within the same minute.
Information about these computers, all different makes and models, some brand new, some older than 4 years old.... I have ran malwarebytes, Sentinel1, Ccleaner. Rebuilt local profiles. Rebooted. I have been in front of one of the computers and can say there was no browser open actively going to these sites. This type of behavior makes me think that maybe it is a program trying to reach out to these sites.
How do I find out where this traffic is originating on these computers?
Thank you
No comments:
Post a Comment