Solved

SonicWall TZ200W Logs

Posted on 2011-03-03
8
742 Views
Last Modified: 2012-05-11
03/03/2011 12:02:11.304      Alert      Intrusion Prevention      IPS Detection Alert: SOCIAL-NETWORKING Facebook -- Browsing Activity 1, SID: 2821, Priority: Low

Employee swears that he was not browsing FACEBOOK period.  What can cause this?
Could it simply be a link in a web page?  And advertisement?


0
Comment
Question by:kman48185
8 Comments
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 35030170
If he has a facebook add-on in his browser or some other Facebook widget etc... that will cause this. The simplest thing to do is isolate the system and then see what causes that entry in the log...
0
 
LVL 10

Expert Comment

by:akhalighi
ID: 35030359
Check his browser history . make sure he really didn't.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35030472
sounds as if you've already isolated the user, but certainly an advertisement can cause this. of course, the user could be lying as well. as akhalighi indicated, check their history.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:kman48185
ID: 35030692
Ok, I can check that, Does your opinion change any if, the browser was not being used at the time.  E.g. guy not in office at 7 AM but SonicWall logs shows entry.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35030756
hehehe...making this difficult, huh? well, my opinion then goes to malicious software on his workstation which may be accessing the internet. assuming, of course, they can prove they weren't at their desk at 7a, which i'm sure they weren't. we've all got better things to do than try to access facebook illegally from our workstations at 7a. might as well make the illegal website worth accessing if there's a possibility we'll get fired over it.

i'd scan the workstation with malwarebytes or similar.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35031290
interestingly enough, i was just looking through a viewpoint server that my laptop is connected to at a client site. i noticed that a website that i like to visit was listed, xkcd.com. this particular viewpoint report was for blocked sites and xkcd.com is categorized at adult/mature content. anyway, i'm certain that i didn't visit the site, i realized that my firefox browser has an RSS feed for this website. i'm sure that my browser tried to update the RSS feed and was blocked by the sonicwall creating blocked log entry.
0
 

Accepted Solution

by:
ee_auto earned 0 total points
ID: 35349246
Question PAQ'd and stored in the solution database.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question