I have a suspicious wifi access point mac address ba:b2:a3:17:7b:b3 reported/displayed in the Symantec endpoint console. The mac address vendor is unknown in the wireshark vendor lookup tool. I have scanned our network to see if this mac shows up anywhere without any luck.
Here is the "explanation" from Symantec: The system administrators of this corporate Wi-Fi defined a set of properties identifying hotspots in the network. By analyzing the data from the WiFi connection Symantec identified a discrepancy that indicates a suspicious hotspot.
What to do next? I would like to hear if anyone has experienced a similar situation?
