Solved

SonicWall TZ200W Logs

Posted on 2011-03-03
8
743 Views
Last Modified: 2012-05-11
03/03/2011 12:02:11.304      Alert      Intrusion Prevention      IPS Detection Alert: SOCIAL-NETWORKING Facebook -- Browsing Activity 1, SID: 2821, Priority: Low

Employee swears that he was not browsing FACEBOOK period.  What can cause this?
Could it simply be a link in a web page?  And advertisement?


0
Comment
Question by:kman48185
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 35030170
If he has a facebook add-on in his browser or some other Facebook widget etc... that will cause this. The simplest thing to do is isolate the system and then see what causes that entry in the log...
0
 
LVL 10

Expert Comment

by:akhalighi
ID: 35030359
Check his browser history . make sure he really didn't.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35030472
sounds as if you've already isolated the user, but certainly an advertisement can cause this. of course, the user could be lying as well. as akhalighi indicated, check their history.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:kman48185
ID: 35030692
Ok, I can check that, Does your opinion change any if, the browser was not being used at the time.  E.g. guy not in office at 7 AM but SonicWall logs shows entry.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35030756
hehehe...making this difficult, huh? well, my opinion then goes to malicious software on his workstation which may be accessing the internet. assuming, of course, they can prove they weren't at their desk at 7a, which i'm sure they weren't. we've all got better things to do than try to access facebook illegally from our workstations at 7a. might as well make the illegal website worth accessing if there's a possibility we'll get fired over it.

i'd scan the workstation with malwarebytes or similar.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35031290
interestingly enough, i was just looking through a viewpoint server that my laptop is connected to at a client site. i noticed that a website that i like to visit was listed, xkcd.com. this particular viewpoint report was for blocked sites and xkcd.com is categorized at adult/mature content. anyway, i'm certain that i didn't visit the site, i realized that my firefox browser has an RSS feed for this website. i'm sure that my browser tried to update the RSS feed and was blocked by the sonicwall creating blocked log entry.
0
 

Accepted Solution

by:
ee_auto earned 0 total points
ID: 35349246
Question PAQ'd and stored in the solution database.
0

Featured Post

Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question