I need a solution
Hello - I have a question from our Info Security Office.
So the ISO has found 148 offenses in total that occurred Sat. 2/20 from about 8:00AM to 8:30AM. Offenses #6250-6398.
For the few where I am able to read the flow payload, the query appears to be related to Symantec, such as liveupdate.symantecliveupdate.com. The destination for all of these appears to be Google (8.8.8.8 & 8.8.4.4).
Our question is: why are all of these machines using Google's DNS service to get the DNS info on liveupdate.symantecliveupdate.com?
Is there maybe something hard coded in the Symantec update that would cause this? Or was the local DNS service down during this time?
Any info would be appreciated.