Botnet Detection by Client
We have been seeing some of our systems show up in this list for reaching out to known botnet IPs. I have not seen any patterns and it seems like it is different systems each day. These systems show as clean when scanned with our antimalware software and there are no other indications of compromise. How seriously should we take this Botnet Detection report from WatchGuard? Is there any other way to confirm these results?
Comments
Hi @itCOdtQ
Botnet just blanket blocks an IP based on multiple threat sources. It doesn't have any context as to why a client might be trying to visit a site.
Sites are often hosted on CDNs that host content for multiple sites on one IP, so it's completely possible that a client was trying to reach a legitimate site. Advertisement servers are also often targeted, so there might just have been an advertisement trying to load.
So long as you can look at the PC and determine it's clean, that's generally going to be sufficient. I wouldn't use botnet hits as a reason to condemn a machine.
-James Carson
WatchGuard Customer Support
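
One way to recover the context a botnet hit lacks, as an added example that is not part of the original thread or WatchGuard's tooling: join each blocked connection with the DNS names the same client resolved to that IP shortly before the hit. The record layouts, addresses and hostnames below are constructed for illustration, and the five-minute window is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data, not WatchGuard's log format.
# Botnet hits: (time, client IP, blocked destination IP)
BOTNET_HITS = [
    ("2024-05-01T09:00:05", "10.0.0.11", "203.0.113.10"),
    ("2024-05-01T09:14:40", "10.0.0.23", "203.0.113.10"),
    ("2024-05-01T11:30:02", "10.0.0.42", "198.51.100.7"),
]
# DNS resolver log: (time, client IP, queried name, answer IP)
DNS_LOG = [
    ("2024-05-01T09:00:03", "10.0.0.11", "ads.example.net", "203.0.113.10"),
    ("2024-05-01T09:14:38", "10.0.0.23", "static.example.org", "203.0.113.10"),
    ("2024-05-01T08:00:00", "10.0.0.42", "www.example.com", "192.0.2.5"),
]

def add_context(hits, dns_log, window_s=300):
    """For each hit, list names the same client resolved to that IP
    within window_s seconds before the blocked connection."""
    lookups = defaultdict(list)
    for ts, client, name, answer in dns_log:
        lookups[(client, answer)].append((datetime.fromisoformat(ts), name))
    window = timedelta(seconds=window_s)
    rows = []
    for ts, client, dst in hits:
        t = datetime.fromisoformat(ts)
        names = sorted({name for when, name in lookups[(client, dst)]
                        if timedelta(0) <= t - when <= window})
        rows.append({"time": ts, "client": client, "dst": dst, "names": names})
    return rows

def summarize(rows):
    """Per blocked IP: distinct clients, distinct hostnames seen,
    and how many hits had no preceding DNS lookup at all."""
    summary = defaultdict(lambda: {"clients": set(), "names": set(), "no_dns": 0})
    for r in rows:
        entry = summary[r["dst"]]
        entry["clients"].add(r["client"])
        entry["names"].update(r["names"])
        if not r["names"]:
            entry["no_dns"] += 1
    return dict(summary)

if __name__ == "__main__":
    for dst, s in summarize(add_context(BOTNET_HITS, DNS_LOG)).items():
        print(dst, sorted(s["clients"]), sorted(s["names"]), "no_dns:", s["no_dns"])
```

A blocked IP that different clients reached through different hostnames fits the shared CDN or ad-server explanation given in the reply; a hit with no matching lookup still has no context and is the one to check on the PC itself.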