[SID: 28803] System Infected: Infostealer.Chabibase Activity 2 attack blocked. Traffic has been blocked for this application:
This is the Even description from NTP log. Anyone came across this Malware infection.
What executable is showing, if any? Did this user attempt to access a malicious URL. You need to view this log in the SEPM for further detail.
Hi hackgeek,
I recomend investigating the computer which generated this IPS event. It is likely infected with malware.
Infostealer.Chabibase https://www.symantec.com/security_response/writeup.jsp?docid=2015-033114-4138-99
This may help:
Using Today's SymDiag to Combat Today's Threats https://www-secure.symantec.com/connect/articles/using-todays-symhelp-combat-todays-threats
Please do keep this thread up-to-date with your progress!
With thanks and bets regards,
Mick