Determining the source of an infected network with Web Security.cloud
Last Updated August 23, 2016
You are using the Web Security.cloud service for protection but your network has been infected.
To determine what may have caused your network to become infected, ensure that:
No computer in your organization has recently connected to an unprotected network.
No peer-to-peer (P2P) or FTP software has been installed on computers in your organization.
No portable storage devices or media from unprotected sources have been connected to computers in your organization. Storage devices include floppy discs, CDs, DVDs, USB storage keys, iPod, etc.
No sources internal to your network have contributed to the infection. Such sources can include computers that have not applied software updates correctly or computers with no antivirus protection.
No direct HTTP requests were carried out.
Users have not removed the proxy settings from their Web browser. If users have removed the proxy settings, you can block HTTP access on port 80 on your firewall.
If none of these scenarios is evident, contact the Support team, preferably with an example of the suspected malicious code. To contact the Support team, log on to the portal and click Support > Contact Us.
Imported Document ID: TECH226751
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe