Views:

To configure Suspicious Connection Service to block/log the C&C IP address:

  1. On the Apex One web console, go to Agents > Agent Management.
  2. Navigate to Settings and click Additional Service Settings.
  3. Under Suspicious Connection Service, tick Windows desktops or Windows Server platforms.

    Suspicious Connection Service

    Click the image to enlarge.

  4. Go to Settings and click Suspicious Connection Settings.
  5. Tick Detect network connections made to addresses in the Global C&C IP list. For Apex One or newer, then select Log only or Block from the dropdown options.

    Suspicious Connection Settings

    Click the image to enlarge.

  6. Click Save.
  7. Test the connection to the C&C IP address. In Block mode, the alert will pop up and the log can be found under Suspicious Connection.

    Logs

Keywords: C&C,C&C IP address only logged,C&C IP address connections,C&C IP address OfficeScan,C&C IP address OSCE,monitor behavior,CCCACln,Suspicious Connection Service,block C&C IP connection
Comments (0)