Suspicious connection blocked by network protection on one endpoint

%3CLINGO-SUB%20id%3D%22lingo-sub-1596712%22%20slang%3D%22en-US%22%3ESuspicious%20connection%20blocked%20by%20network%20protection%20on%20one%20endpoint%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1596712%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20All%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20received%20an%20alert%20inside%20the%20ATP%20%22Suspicious%20connection%20blocked%20by%20network%20protection%20on%20one%20endpoint%22.%3C%2FP%3E%3CP%3EWhat%20action%20needs%20to%20be%20taken%20on%20this.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1596712%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Eazure%20atp%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1597788%22%20slang%3D%22en-US%22%3ERe%3A%20Suspicious%20connection%20blocked%20by%20network%20protection%20on%20one%20endpoint%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1597788%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F141516%22%20target%3D%22_blank%22%3E%40Prashant%20Sharma%3C%2FA%3E%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EWhat%20are%20you%20trying%20to%20accomplish%3F%26nbsp%3B%20Is%20there%20a%20problem%20this%20is%20causing%3F%3CBR%20%2F%3E%3CBR%20%2F%3EIt%20seems%20like%20that%20type%20of%20event%20was%20created%20by%20Windows%20Defender%20Exploit%20Guard%20Attack%20Surface%20Reduction%20%26gt%3B%20Network%20Protection%20trying%20to%20protect%20the%20endpoint.%26nbsp%3B%20Do%20you%20see%20any%20other%20suspicious%20behavior%3F%26nbsp%3B%3CBR%20%2F%3E%3CBR%20%2F%3EGladys%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fazsecuritypodcast.net%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fazsecuritypodcast.net%2F%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hi All,

 

I have received an alert inside the ATP "Suspicious connection blocked by network protection on one endpoint".

What action needs to be taken on this.

1 Reply

@Prashant Sharma 

What are you trying to accomplish?  Is there a problem this is causing?

It seems like that type of event was created by Windows Defender Exploit Guard Attack Surface Reduction > Network Protection trying to protect the endpoint.  Do you see any other suspicious behavior? 

Gladys
https://azsecuritypodcast.net/