encoding – How to investigate Fortiguard alert for buffer overflow?

For a few days, Fortiguard sends me this alert: Quest.NetVault.Backup.Multipart.Request.Header.Buffer.Overflow

The packets come from the visitor wifi network and they are sent to google.com.

I sent a message to Fortinet support and waiting for the answer.

I assume it can be a false positive but the attack context in alert look like:


(not the real string but it contains some “AAAAA” and some base64 string).

How can I investigate further?