Forum Discussion
MDE alerts with "Network traffic proxy redirector detected"
We are also seeing this behaviour on 5 of our +/- 1.5k devices.
Just connections firefox.exe and several ports:
[firefox.exe]
TCP 127.0.0.1:54407 127.0.0.1:54406 ESTABLISHED 14400
[firefox.exe]
TCP 127.0.0.1:54420 127.0.0.1:54421 ESTABLISHED 7652
[firefox.exe]
TCP 127.0.0.1:54421 127.0.0.1:54420 ESTABLISHED 7652
[firefox.exe]
TCP 127.0.0.1:54432 127.0.0.1:54433 ESTABLISHED 14628
[firefox.exe]
TCP 127.0.0.1:54433 127.0.0.1:54432 ESTABLISHED 14628
[firefox.exe]
TCP 127.0.0.1:54561 127.0.0.1:54562 ESTABLISHED 19452
[firefox.exe]
TCP 127.0.0.1:54562 127.0.0.1:54561 ESTABLISHED 19452
[firefox.exe]
TCP 127.0.0.1:54571 127.0.0.1:54572 ESTABLISHED 10864
[firefox.exe]
TCP 127.0.0.1:54572 127.0.0.1:54571 ESTABLISHED 10864
[firefox.exe]
TCP 127.0.0.1:54582 127.0.0.1:54583 ESTABLISHED 17636
[firefox.exe]
TCP 127.0.0.1:54583 127.0.0.1:54582 ESTABLISHED 17636
[firefox.exe]
Haven't figured out what's going on.
Normal behaviour from firefox.exe that's suddenly reporting as redirector proxy?
Or malicious activity?
Thanks for some response .