causing Win.Trojan.NetWiredRC variant registration message

Head in the Cloud causing Win.Trojan.NetWiredRC variant registration message

I have a client that is getting a Win.Trojan.NetWiredRC variant registration message when they try to access their web development site at  They are being denied access to that site because of the message (and I have Security in the MX set to Prevention).  I appears the MySQL requests are causing the message.


I have whitelisted the site in both AMP and content filtering, but that does not solve the issue.  Besides whitelisting the IDS rule, is there another way to allow traffic to and from




- Dave Anderson

Dave Anderson
2 Replies 2
Kind of a big deal

AMP is the malware scanner, and Snort is the IDS/IPS. If it's Snort that's triggering then whitelisting in AMP probably won't help. Have you whitelisted in Snort?



Kind of a big deal

Check Security Center - You will find the threat there if IDS is detecting it


Change the Mode or Ruleset down a notch and see if that resolves the issue


99% certain the data is actually on a different URL that I am thinking there are multiple URLs to whitelist, although not sure of them.


Below is a doc regarding Google Drive URLs, so it gives you some ideas

Get notified when there are additional replies to this discussion.