Incidents are created for the IP Watchlist rule with Multicast address (as a Source or Destination) showing up in events in Symantec Security Information Manager (SSIM) correlation engine.
This happens from time to time, this is an automated mechanism with some algorithm on the DeepSight side, having to do with X number of clients reporting it in Y timespan.
The IP 220.127.116.11 was reported on the BotNet list a number of times.
The workaround is to use the White list feature in the SSIM lookup table. See "IP Whitelist Table" table.
This is happening with using Static content (LiveUpdate) from Global Intelligence Network. Sequence 2011120601.
Login to Subscribe
Please login to set up your subscription.
Get support for your product, with downloads, knowledge base articles, documentation, and more.
Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments.
Submit a suspected infected file to Symantec.
Report a suspected erroneous detection (false positive).
Set default language
Do you wish to save this as your future site?