We have a handful of Windows 10 Pro machines on our network, and every one of them is generating entries in the IPS log that look like this:
| Date: | 11/27 13:04:21 | Name: | GPL WEB_SERVER 403 Forbidden |
| Priority: | 2 | Type: | Attempted Information Leak |
| IP info: | (:444/cgi-bin/ipinfo.cgi?ip=):3128 -> :62881 |
I’ve turned off all the privacy settings that I can find in Windows 10 Pro. I don’t have a way to tell what this is referencing. The log references SID 2101201, but I have not found any good explanations of what the rule is referencing and if it’s a concern.
Can anyone explain the rule, and what can be turned off on Windows 10 machines to turn off this kind of traffic?