  1. #1
    Untanglit
    Join Date
    Nov 2018
    Posts
    25

    MacBook Pro is generating events even when it's powered OFF

    My MacBook Pro has suddenly begun generating "Malware Distribution Point" server events.

    I have not been doing anything new or out of the ordinary, nor have I installed any new software or applications on this Mac.

    I have over a dozen of these "server events", many overnight when the Mac was powered OFF. I'm really curious how it could be generating any kind of event like this when it wasn't even active. It wasn't asleep, it was fully off.

    I've never even heard of this "editmysite.com" so I'm not even sure what is causing this.

    Malware Distribution Point website visit blocked:
    Web Filter blocked http://cdn2.editmysite.com/js/site/m...50428 (Malware Distribution Point)

    Causal Event: WebFilterEvent
    {
        "timeStamp": "2019-02-11 20:12:56.252",
        "reason": "BLOCK_CATEGORY",
        "flagged": true,
        "blocked": true,
        "appName": "web_filter",
        "requestLine": "GET http://cdn2.editmysite.com/js/site/main-customer-accounts-site.js?buildTime=1547150428",
        "category": "Malware Distribution Point",
        "sessionEvent": {
            "entitled": true,
            "hostname": "Glens-MBP",
            "CServerPort": 80,
            "protocol": 6,
            "protocolName": "TCP",
            "serverLatitude": 41.8483,
            "localAddr": "/192.168.1.113",
            "SServerAddr": "/151.101.185.46",
            "remoteAddr": "/151.101.185.46",
            "serverIntf": 1,
            "CClientAddr": "/192.168.1.113",
            "serverCountry": "US",
            "sessionId": 101441669914167,
            "SClientAddr": "/97.92.x.x,
            "clientCountry": "XL",
            "CClientPort": 56433,
            "policyRuleId": 0,
            "timeStamp": "2019-02-11 20:12:56.232",
            "serverLongitude": -87.6517,
            "clientIntf": 2,
            "policyId": 1,
            "SClientPort": 15164,

    Thanks in advance.

  2. #2
    Master Untangler deleted_account+152373@untangle.com
    Join Date
    Sep 2016
    Location
    Malta
    Posts
    455

    Well, if it is generating this alert the Mac is going someplace it shouldn't; try cleaning up the Mac. As for the alerts, they get sent over time cos of spam (emails were generated when the Mac was on but get sent to you over a period of time).
    Last edited by Chrismal; 02-12-2019 at 07:36 AM.

  3. #3
    Untangle Junkie dmorris
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Probably false positive. That URL is no longer shown as a malware distribution point.

  4. #4
    Untanglit
    Join Date
    Nov 2018
    Posts
    25

    Originally posted by dmorris:
    "Probably false positive. That URL is no longer shown as a malware distribution point."

    This is what I was thinking at first. "Editmysite" seems to point to something I have never even used. A Google search talked about something called Weebly.

    And unless Untangle is hours behind, to still be seeing these reports all night long even up to the early morning when I powered the Mac completely OFF at 9:30PM the night before.

    I could see as was said above the Mac was going somewhere it shouldn't, but, that didn't make sense since it began suddenly with no changes.

    By the way, all the warnings have stopped.
