Forum Discussion
Maximilian Demajo
Sep 22, 2021 - Copper Contributor
BITS Downloading App updates from unknown endpoint
Hi, our IDS started freaking out today because a large number of our endpoints started initiating BITS downloads to an unknown endpoint. My initial reaction was ransomware, but after further inve...
Maximilian Demajo
Oct 07, 2021 - Copper Contributor
JasonC2021 Thanks for checking this out. It appears that article does not contain any of the endpoints we are seeing, although it is dated. Unfortunate that they do not keep a complete list of contacted endpoints.
Have you noticed any further strange activity stemming from your devices since this started happening?
A bit worrying that I have not seen any further mention of these endpoints online.
RA_Howtwo2012
Feb 17, 2023 - Copper Contributor
Maximilian Demajo We are seeing IPS triggered due to a “virus” coming from one of these CDNs. Only a certain number of devices, random, and they are blocked from downloading a 3D viewer app update that doesn’t appear listed on the apps page (that version). I’m concerned this is similar to a SolarWinds-style attack and can’t believe Microsoft would allow it. These should be pushed updates; everything is turned off for auto, well, anything, and Delivery Opt. is off as well.