
[CLOSED] Block access to ip address

Registered user
Posts: 2
Joined: Fri, 17 Aug 2012, 13:57

Postby nuffmon » Fri, 17 Aug 2012, 15:48

Hi,

We have an unknown virus which starts from a file called thumbs.db2. We now know this file tries to access online-upd.at port 443, IP 87.117.205.62, which then seems to mutate the virus. Can I use the firewall in Cloud Office Protection to block access to this IP address? If so, how? If not, does anyone have a suggestion? Panda does seem to be detecting this file from today, but I'm concerned that if it has been communicating with this site, it is finding other ways to infect us that are also unknown.

Registered user
Posts: 516
Joined: Wed, 11 Apr 2012, 13:39
Location: Sofia, Bulgaria

Re: Block access to ip address

Postby rmadzharov » Fri, 17 Aug 2012, 16:57

Hello,

With regards to reporting the malicious website and file, please check the following article:
viewtopic.php?f=13&t=337

Hope this helps!

Cheers!
The postings on this site are solely my own and do not represent or constitute Panda Security's positions, views, strategies or opinions.

Registered user
Posts: 35
Joined: Sun, 29 Jul 2012, 06:17
Location: South Georgia

Re: Block access to ip address

Postby sabap » Tue, 21 Aug 2012, 07:33

I thought for sure you could do this via:
> Installation and settings > Profiles > [your profile] > Firewall > System rule

However, in looking at it, it is lacking the ability to specify an outbound or "target address". The bottom fields, labeled "PC it applies to:", are confusing, as I thought these firewall rules applied to ALL the PCs in the profile. It would make more sense if this field were labeled "Target host machines it applies to:" and that it worked as such.

If I am mistaken, and you CAN specify an address that is outside the network using these fields, please let me know... as this will definitely solve this poster's issue and will instill clarification for me.

Registered user
Posts: 2
Joined: Fri, 17 Aug 2012, 13:57

Re: Block access to ip address

Postby nuffmon » Tue, 21 Aug 2012, 12:22

That's the same place I went to, but like you say, it doesn't allow outside addresses. The IP address has changed, it seems, so I changed the FQDN to 127.0.0.1 in our DNS as an interim solution. As it is, using a combination of Panda, Stinger, MSERT and a script to remove the files seems to have stopped the virus, but I would still like to see a few extra options in pocp.
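
Once the FQDN is overridden in internal DNS as described in the post above, the resolver's query log shows which machines still ask for that name and therefore still need cleaning. The following is an added example, not part of the thread and not Panda code; the log layout, client addresses and function names are assumptions made for illustration.

```python
from collections import Counter

SINKHOLED = "online-upd.at"  # FQDN named in the thread

# Constructed sample lines in a simplified "time client qname qtype" layout.
# Real DNS server logs differ and need their own field parsing.
SAMPLE_LOG = """\
2012-08-21T09:01:12 10.0.0.15 online-upd.at. A
2012-08-21T09:01:40 10.0.0.22 www.example.com. A
2012-08-21T09:03:05 10.0.0.15 ONLINE-UPD.AT A
2012-08-21T09:04:51 10.0.0.31 cdn.online-upd.at. A
2012-08-21T09:05:02 10.0.0.22 notonline-upd.at. A
2012-08-21T09:06:17 10.0.0.40 online-upd.at.example.com. A
malformed line
"""

def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def matches(qname, domain):
    """True for the domain itself or any subdomain, but not look-alikes
    such as 'notonline-upd.at' or 'online-upd.at.example.com'."""
    q, d = normalize(qname), normalize(domain)
    return q == d or q.endswith("." + d)

def clients_querying(lines, domain=SINKHOLED):
    """Return {client_ip: query_count} for clients that asked for the domain."""
    hits = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 4:  # skip lines that do not fit the assumed layout
            continue
        _, client, qname, _ = fields[:4]
        if matches(qname, domain):
            hits[client] += 1
    return dict(hits)

if __name__ == "__main__":
    found = clients_querying(SAMPLE_LOG.splitlines())
    for client, count in sorted(found.items()):
        print(f"{client} queried {SINKHOLED} {count} time(s)")
```

Matching on the name rather than on 87.117.205.62 keeps the check valid after the address changes, which the post reports has already happened.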
