Trojan Blocked on Sonicwall by gateway AV

Medium Priority
488 Views
Last Modified: 2013-11-22
Hello,
When checking the logs on our Sonicwall, I noticed that we had entries for a blocked Trojan. I have copied the latest log entries (there are also intrusion prevention, but these are OK). I could not copy over the header, therefore, it should be:
Does this mean we have a trojan on our machine? It looks like all of the things are coming from the outside as the source, not from inside. The 192.168.168.150 is inside our network, and is our SBS 2003 server.

If we do have this Trojan, how can we get rid of it?

The header for the log file, not attached, is:
# Time  Priority Category  Message Source  Destination

sonicwall-log.txt

Commented:
The entry that concerns me the most is #4. As I read it, it says that the traffic source was 192.168.168.154. Is that your server (your question states that .150 is your server, is that a typo)?

It is possible that the Sonicwall has done its job and blocked the suspicious threats - both the ones coming in and maybe, one going out. Maybe one got past the Sonicwall and it blocked the rest.

Is this a one-time occurrence? Or are you seeing these messages constantly? Are you seeing a regular number of entries like #4 or was this the only one?

What Anti-Virus solution do you have installed on your server?

I would contact Sonicwall support - you should have support included with your updates and they may be able to give you more specific information about this particular trojan and to make sure you don't have it running on your network.

It isn't ideal, but if you are seeing messages like #4 regularly, you may want to try disconnecting the network cable from the server at a time you suspect that it may happen again to confirm that it is not coming from your server.

I hope that helps .... a little.
-Eric
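
The distinction drawn above for entry #4, an alert whose source is an internal address versus one arriving from outside, can be checked across a whole exported log. This is an added example, not part of the original thread; the tab-separated layout, the `address, port, interface` form of the Source and Destination fields, the alert wording and the 192.168.168.0/24 LAN range are assumptions, and the sample rows are constructed.

```python
import ipaddress

# Column order taken from the header quoted in the question.
COLUMNS = ["#", "Time", "Priority", "Category", "Message", "Source", "Destination"]

# Assumption: the LAN is 192.168.168.0/24, inferred from the two server
# addresses mentioned in the thread.
INTERNAL_NET = ipaddress.ip_network("192.168.168.0/24")

# Constructed sample rows (tab-separated); not the poster's actual log.
# External addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = "\n".join([
    "1\t09:14:02\tAlert\tSecurity Services\tGateway Anti-Virus Alert: EXAMPLE (Trojan) blocked\t203.0.113.10, 80, X1\t192.168.168.150, 3312, X0",
    "2\t09:14:40\tAlert\tIntrusion Prevention\tIPS Detection Alert: EXAMPLE\t198.51.100.7, 80, X1\t192.168.168.150, 3320, X0",
    "3\t09:15:11\tAlert\tSecurity Services\tGateway Anti-Virus Alert: EXAMPLE (Trojan) blocked\t203.0.113.10, 80, X1\t192.168.168.154, 4120, X0",
    "4\t09:15:12\tAlert\tSecurity Services\tGateway Anti-Virus Alert: EXAMPLE (Trojan) blocked\t192.168.168.154, 4121, X0\t203.0.113.10, 80, X1",
])


def endpoint(field):
    """Return the IP address from an 'address, port, interface' field."""
    return ipaddress.ip_address(field.split(",")[0].strip())


def triage(log_text):
    """List (entry number, direction, internal host) for each AV alert.

    'outbound' means the alert's source is an internal host, which is the
    case worth investigating on that host; 'inbound' means the blocked
    content came from outside toward an internal host.
    """
    findings = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != len(COLUMNS):
            continue  # skip blank or malformed rows
        row = dict(zip(COLUMNS, fields))
        if "anti-virus" not in row["Message"].lower():
            continue  # ignore IPS and other categories
        src, dst = endpoint(row["Source"]), endpoint(row["Destination"])
        if src in INTERNAL_NET and dst not in INTERNAL_NET:
            findings.append((int(row["#"]), "outbound", str(src)))
        elif dst in INTERNAL_NET and src not in INTERNAL_NET:
            findings.append((int(row["#"]), "inbound", str(dst)))
    return findings


if __name__ == "__main__":
    for number, direction, host in triage(SAMPLE_LOG):
        print(f"entry #{number}: {direction:8s} internal host {host}")
```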


Author

Commented:
Eric,
It just started happening today, and the .154 is also a server, but not the SBS. It seems from looking into it that whenever Firefox tried to download the IE Tabs update, it was blocked by the Sonicwall as having a trojan in it, which may account for the message only showing up whenever I tried to run the install Add on update in Firefox. On our servers, we have Panda FileSecure for Windows Server 2008. Thanks for all of your help - I will try calling Sonicwall to see what they think. Thank you!