infosec1023
New Contributor

Compromised Hosts

Hi all, I found that some hosts are found under Compromised Hosts.

 

1. Does it mean it is infected by malware? I scanned with AV and got nothing.

2. One record shows nylon.com is SpywareCnC, but I checked and it is a fashion website. Is it a false alarm?

http://nylon.com

Thank you!!

ede_pfau
Esteemed Contributor III

You check suspicious websites not on a FGT alone - use the 'net to get a picture of what others say about it. If you really know that the rating is wrong you can challenge Fortinet to adjust their rating. Usually it only takes a short time until they respond.

A host may be compromised because of an AV event, but also IPS, Webfilter, SPAM, AppControl...this should be noted in the UTM logs.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
brazz_FTNT

Hello, 

 

One question: do you have a valid IOC license? Or are you using the demo license?

 

Cheers

mamuning2017

Hi brazz_FTNT 

 

In relation to this topic, our FortiAnalyzer uses the Demo one. 

 

And we also have some compromised hosts displayed. But they show as blocked.

I see that there is Ack. I'm not sure if we need to Acknowledge these.

Thanks for the advice.

 

Cheers :D 

infosec1023

I am using the demo license only. Thanks!
