Good afternoon,
First time poster here. If this is the wrong forum, then I apologize. Please let me know where to post this and I certainly will.
Starting on or around May 3rd, several of our end-users (5-10) have received a pop-up in the bottom right of the screen that says, [SID: 23737] Attack: Shellcode Download Activity Detected. For some it happens once in a while, others it's every hour. I saw that Symantec released an article on this (https://www.symantec.com/security_response/attacks...) but the problem has persisted for every user that I have tried those steps on (disable System Restore, update definitions and run a full system scan). There is another article about that message (https://www.symantec.com/security_response/attacks...), that says nearly the same thing but it lacks a solution.
I have even tried running Malware Bytes on these machines and I have not found anything there either. The version of Symantec is Version 14 build 1904 (for all users)
I have screenshots of the traffic at the time. It just looks like that machine is trying to ping one of our internal servers and Symantec is shutting it down, I'm guessing because it fears that it's a DDOS attack.
The users are not reporting any other issues with their machines. Symantec finds nothing, Malware Bytes finds nothing.
I am a bit stuck and not sure what to do or what to check from this point on, any advice would be welcomed.
Thank you,
