Malware Detected Coming From PacketShapers IP address


Article ID: 168916


Updated On:


PacketShaper S-Series PacketShaper


You may have received alerts from a Malware Scanning Tool indicating that Malware is coming from your PacketShaper to the following addresses.

The Traffic reported will look similar to the request below.

Using Channel GET
channel: GET /2/R/329d199450ed14ca47b7b4fefb845d0b/BLUSHPR1/1/POST/http/ HTTP/1.1::~~Accept: */*::~~Accept-Language: en-us::~~User-Agent: PacketShaper::~~Host: MyApp::~~X-Application: 1::~~X-Orig-Content-Type: application/x-www-form-urlencoded::~~X-Orig-Content-Length: 0::~~::~~



The Addresses listed are the Bluecoat WebPulse Service Points. If you use the WebPulse service the PacketShaper will reach out to these IP Addresses periodically. 

This reported Malware is the PacketShaper reaching out to the WebPulse Service Points. This is not Malware.



Please treat this as a false positive. You may consider adding the WebPulse Service Point addresses to a whitelist perhaps.