cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Not applicable
Report Inappropriate Content
Message 1 of 2

Abnormal attack logs

Hi TAC, Need your assist on verify the capture logs is normal or abnormal. Please refer to the attached screenshot as your reference. Noticed Muieblackcat is doing port scanning, and when we check on the attack logs but some of it shows n/a. Besides that, we found out the Source IP were NSM IP. Thanks, Wilson Wong
1 Reply
ibryan
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Abnormal attack logs

Hello,

 

The 'BOT Muieblackcat activity detection' alert that NSP triggers is only to detect the occurrence of the Muieblackcat activity.  This mean the alert will show a result of n/a.  There is also a signature called 'BOT Muieblackcat traffic detected I' that has the blocking option disabled by default but has alerting enabled by default.

 

Please can you provide the screenshots and captures of the BOT Muieblackcat alert so we can review the detection.

 

Many Thanks,

 

Ian Bryan

Technical Support Engineer

Customer Success Group

McAfee

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community