Unknown Software Flagged by Firewall

Hello,


I have recently been notified by my company's IT department that there was an intrusion attempt on the company's Wi-Fi network through my network user. For context, we use the Sophos Firewall system to manage all Wi-Fi access.


The first time it happened was about a week ago, and then again today. The firewall blocked the attack, but IT notified me to check my laptop. I use a MacBook Air M1 with Sonoma 14.3.1. xProtection is running and the only thing I downloaded/installed in the last month was Microsoft Teams (ironically).


The firewall provided the following information:


  • Attacked platform - Linux (which I find very weird as I'm just using macOS)
  • Intrusion attack - SERVER-OTHER IBM Tivoli Storage Manager Client Remote Heap Buffer Overflow (again, very strange as I don't have/use anything remotely similar to that)
  • 3 attack attempts blocked by the firewall


Additionally, I usually work with a paid VPN on (NORD), but it has been off for the last couple of weeks since the firewall is blocking its use (together with social media, YouTube, etc.).


I have tried to search for any foreign application/software but can't seem to find anything, so I would like to see if anyone has any suggestions/recommendations for what could be the next steps. Any good way to scan for malware, etc.?


Thank you.


MacBook Air 13″

Posted on Aug 25, 2025 11:37 AM

5 replies

Aug 25, 2025 12:29 PM in response to Razor_64

You said you are using Nord VPN. Why? The implication is that you were using Nord VPN to bypass your company firewall rules to access content they are intentionally blocking, especially given that they are now apparently blocking the VPN.


Attempting to circumvent network security is (at my company and many others) an offense that will get you terminated.



Aug 25, 2025 01:55 PM in response to Razor_64

Remove Norton, if that was not provided by IT.


And for an organizational VPN, I'd expect IT to use a VPN intended to connect into the organization's own internal network, and not a "coffee shop" VPN.


VPNs can allow two-way network traffic — connections from client to server, and server to client.


Some "coffee shop" VPNs can also use your ISP network connection as an exit host for traffic from other VPN users, too.


For assistance with Sophos products or your IT-issued Mac, contact your IT organization. They know your setup and corporate requirements best, where we can guess. At best.


As for your Mac accessing Wi-Fi, that's something you'll have to discuss with IT — specifically, what was detected? The whole internet knocks on firewalls incessantly, so presumably there was something more than the usual background chatter. Or you're connected behind the firewall via local Wi-Fi, and something unspecified was detected.


Your Mac is running a version of macOS about 18 months out of date, too. That probably means this Mac is not centrally managed, as that'd usually get a managed or supervised client blocked from the private network prior to updating to macOS 14.7.8 or 15.6.2.


How to troubleshoot this from the IT side depends on what was detected, and what conclusions were drawn from that detection. Also on the network and security gear involved. None of which folks here will know about.
