FLEX500: Application Patrol: HideMyAss, x-vpn and Psiphon false positives?
Freshman MemberHello,
I'm experiencing a strange issue for the last 3-4 weeks as my FLEX500 is logging HideMyAss, x-vpn and Psiphon outgoing connections from many windows 10 and windows 11 lan computers.
These connections are vs specific public ips, ports 80 and 443, i.e. :
HideMyAss
52.21.115.110
34.111.175.102
34.160.176.28
44.220.123.14
35.186.243.246
x_vpn
20.101.38.191
51.89.9.254
178.250.1.12
Psiphon
51.89.9.252
I blocked outgoing connections to these ips and app patrol block no longer triggers.
I checked my PCs on LAN and none has HideMyAss, x_vpn, Psiphon or other vpn clients installed or running.
Is anyone experiencing the same issue?
Thank You,
t80
All Replies
-
Hi @t80,
Welcome to the Zyxel Community!
To further investigate the issue, we would appreciate your assistance in capturing packet when the issue occurs for analysis.
Please capture packets from:
- The USG FLEX 500
- The affected Windows PC(s)
After collecting the files, please provide the following information via private message by clicking my profile > Message:
- The packet capture files
- The approximate timestamp when the detection occurred
- The source IP address of the affected client PC(s)
This information will help us verify the behavior. Thank you for your cooperation!
Zyxel Tina
0
Zyxel Employee
Categories
- All Categories
- 442 Beta Program
- 3K Nebula
- 229 Nebula Ideas
- 130 Nebula Status and Incidents
- 6.6K Security
- 661 USG FLEX H Series
- 359 Security Ideas
- 1.8K Switch
- 86 Switch Ideas
- 1.4K Wireless
- 56 Wireless Ideas
- 7.1K Consumer Product
- 305 Service & License
- 497 News and Release
- 95 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 5K FAQ
- 34 Documents
- 89 About Community
- 110 Security Highlight
