I use Suricata as an IDS on a local network that doesn't have internet access. It logged a few alerts from some clients that said "A Network Trojan was detected".
All of the log's properties are the following:
Protocol: 006
Source: Client IP
Destination: Server IP
Signature: ET POLICY SMB2 NT Create AndX Request For an Executable File in a Temp Directory.
Signature ID: 1:2025703:2
Category: A Network Trojan was detected
I have Kaspersky antivirus, which is updated, and I also have Malwarebytes, which is updated too; however, they haven't detected any trojans.
Question:
Is this a false positive, or maybe a real trojan that the antimalware can't detect?
Server OS: Windows Server 2012.
Client OS: Windows 7 and 10.
I use the Suricata default rules.
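A way to triage alerts like the one above before deciding "false positive or not": pull every hit for sid 2025703 out of Suricata's EVE JSON log, group it by client and server, and collect the SMB filenames Suricata attaches when app-layer metadata logging is enabled, so the files can be checked on the server's Temp directory. This is an added example, not code from the post or from the Suricata project; the EVE records below are constructed, the IP addresses are made up, and the presence of an "smb" object with a "filename" key on the alert is an assumption that depends on the Suricata configuration.

```python
import json
from collections import Counter, defaultdict

# Constructed sample EVE JSON lines (not from the original post). The layout follows
# Suricata's "alert" event type; the third record has no SMB metadata attached.
SAMPLE_EVE = r'''
{"event_type":"alert","src_ip":"192.168.10.21","dest_ip":"192.168.10.5","proto":"TCP","alert":{"gid":1,"signature_id":2025703,"rev":2,"signature":"ET POLICY SMB2 NT Create AndX Request For an Executable File in a Temp Directory","category":"A Network Trojan was detected"},"smb":{"command":"SMB2_COMMAND_CREATE","filename":"Temp\\setup_update.exe"}}
{"event_type":"alert","src_ip":"192.168.10.21","dest_ip":"192.168.10.5","proto":"TCP","alert":{"gid":1,"signature_id":2025703,"rev":2,"signature":"ET POLICY SMB2 NT Create AndX Request For an Executable File in a Temp Directory","category":"A Network Trojan was detected"},"smb":{"command":"SMB2_COMMAND_CREATE","filename":"Temp\\setup_update.exe"}}
{"event_type":"alert","src_ip":"192.168.10.22","dest_ip":"192.168.10.5","proto":"TCP","alert":{"gid":1,"signature_id":2025703,"rev":2,"signature":"ET POLICY SMB2 NT Create AndX Request For an Executable File in a Temp Directory","category":"A Network Trojan was detected"}}
{"event_type":"flow","src_ip":"192.168.10.21","dest_ip":"192.168.10.5","proto":"TCP"}
'''

SID = 2025703  # the sid from the post's alert "1:2025703:2"


def triage(eve_lines, sid=SID):
    """Count alerts for one sid per (client, server) pair and gather SMB filenames.

    Returns (counts, files): counts maps (src_ip, dest_ip) -> number of alerts,
    files maps the same key -> set of filenames seen in the alert's smb metadata.
    """
    counts = Counter()
    files = defaultdict(set)
    for raw in eve_lines:
        raw = raw.strip()
        if not raw:
            continue
        evt = json.loads(raw)
        if evt.get("event_type") != "alert":
            continue  # flow, dns, smb records etc. are not alerts
        if evt.get("alert", {}).get("signature_id") != sid:
            continue
        key = (evt["src_ip"], evt["dest_ip"])
        counts[key] += 1
        # Assumption: with app-layer metadata enabled, Suricata nests the SMB
        # request under "smb" and the created path under "filename".
        name = evt.get("smb", {}).get("filename")
        if name:
            files[key].add(name)
    return counts, files


if __name__ == "__main__":
    counts, files = triage(SAMPLE_EVE.splitlines())
    for (client, server), n in counts.most_common():
        seen = ", ".join(sorted(files[client, server])) or "(no SMB metadata logged)"
        print(f"{client} -> {server}: {n} alert(s); files: {seen}")
```

Run it against the real eve.json (`triage(open("/var/log/suricata/eve.json"))`) and then verify each listed file on the server, for example by checking which installer or deployment job wrote it and scanning that exact file.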