Not what you are looking for? Ask the experts!
Same blocked intrusion attempt several times a day. False positive?
I am getting the same notification that an intrusion attempt has been blocked several times a day. It says something about coming from "<b>icdn1.listlist.bizNetwork traffic from <b>icdn1.listlist.biz (whatever that is)" which seems to mean it is an external threat, but it also says it resulted from "\DEVICE\HARDDISKVOLUME3\USERS\CARLW\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" which seems to mean it is internal and coming from Chrome.
Even though the notification says it was blocked and no further action is necessary, it's still very worrying. Is this a false positive? Why the same thing again and again all day every day? Is there anything I can do to stop this once and for all? Here is the full notification text below. Appreciate any help.
Category: Intrusion Prevention
Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Destination Address,Source Address,Traffic Description
8/20/2019 5:54:17 PM,Medium,An intrusion attempt by icdn1.listlist.biz was blocked.,Blocked,No Action Required,Malicious Site: Malicious Domain Request 22,No Action Required,No Action Required,"icdn1.listlist.biz (18.104.22.168, 443)","DESKTOP-M5MLKD0 (100.120.35.40, 1046)",icdn1.listlist.biz (22.214.171.124),"TCP, https"
Network traffic from <b>icdn1.listlist.biz</b> matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME3\USERS\CARLW\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE. To stop being notified for this type of traffic, in the <b>Actions</b> panel, click <b>Stop Notifying Me</b>.