[CLOSED] Block access to ip address

Post by nuffmon »

Hi,

We have an unknown virus which starts from a file called thumbs.db2. We now know this file tries to access online-upd.at port 443 IP 87.117.205.62 which then seems to mutate the virus. Can I use the firewall in Cloud Office Protection to block access to this IP address? If so, how? If not, does anyone have a suggestion? Panda does seem to be detecting this file from today but I'm concerned if it has been communicating to this site that it is finding other ways to infect us that are also unknown.

Re: Block access to ip address

Post by rmadzharov »

Hello,

With regards to reporting the malicious website and file, please check the following article:
http://support.pandasecurity.com/forum/ ... f=13&t=337

Hope this helps!

Cheers!
The postings on this site are solely my own and do not represent or constitute Panda Security's positions, views, strategies or opinions.

Re: Block access to ip address

Post by sabap »

I thought for sure you could do this via:
> Installation and settings > Profiles > [your profile] > Firewall > System rule

However, in looking at it, it is lacking the ability to specify an outbound or "target address". The bottom fields, labeled "PC it applies to:", are confusing, as I thought these firewall rules applied to ALL the PCs in the profile. It would make more sense if this field were labeled "Target host machines it applies to:" and that it worked as such.

If I am mistaken, and you CAN specify an address that is outside the network using these fields, please let me know... as this will definitely solve this poster's issue and will instill clarification for me.

Re: Block access to ip address

Post by nuffmon »

That's the same place I went to but like you say it doesn't allow outside addresses. The IP address has changed it seems so I changed the FQDN to 127.0.0.1 in our DNS as an interim solution. As it is, it seems using a combination of Panda, Stinger, MSERT and a script to remove the files it seems to have stopped the virus but I would still like to see a few extra options in pocp.
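
The interim fix described in the last post (pointing the FQDN at 127.0.0.1 in internal DNS) also makes the DNS server's query log a list of machines that are still trying to reach the host. The following is an added example, not part of the original thread: it scans a constructed log, in an assumed `timestamp client query answer` format, for clients that looked up `online-upd.at` and flags any answer that was not the sinkhole address. The client addresses and the `cdn.` subdomain are made up for the sample.

```python
import re
from collections import defaultdict

# Indicators quoted in the thread above.
SINKHOLED_FQDN = "online-upd.at"
KNOWN_IP = "87.117.205.62"
SINKHOLE_ADDR = "127.0.0.1"

# Constructed sample log (assumed format: timestamp client query answer).
# Adapt LINE_RE to the real log format of your DNS server.
SAMPLE_DNS_LOG = """\
2012-08-20T09:01:12 10.0.0.21 online-upd.at 127.0.0.1
2012-08-20T09:01:40 10.0.0.35 www.example.com 93.184.216.34
2012-08-20T09:06:12 10.0.0.21 ONLINE-UPD.AT. 127.0.0.1
2012-08-20T09:07:03 10.0.0.48 cdn.online-upd.at 87.117.205.62
2012-08-20T09:09:55 10.0.0.52 notonline-upd.at 198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def matches_domain(qname, domain=SINKHOLED_FQDN):
    """True for the domain or any subdomain; ignores case and trailing dot."""
    name = qname.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)

def triage(log_text):
    """Return {client: {"queries": n, "leaks": [(qname, answer), ...]}}."""
    hosts = defaultdict(lambda: {"queries": 0, "leaks": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        _ts, client, qname, answer = m.groups()
        if matches_domain(qname) or answer == KNOWN_IP:
            hosts[client]["queries"] += 1
            if answer != SINKHOLE_ADDR:
                # The override did not apply to this name: still reachable.
                hosts[client]["leaks"].append((qname, answer))
    return dict(hosts)

if __name__ == "__main__":
    for client, info in sorted(triage(SAMPLE_DNS_LOG).items()):
        status = "LEAK" if info["leaks"] else "sinkholed"
        print(client, info["queries"], status, info["leaks"])
```

Every client in the result is a candidate for cleanup; one marked as a leak received a live address, so the DNS override does not cover the name it asked for.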