topic Re: Suspect false positive matching for threat ID 95501 (Remote Desktop Licensing RCE) in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/suspect-false-positive-matching-for-threat-id-95501-remote/m-p/594734#M3584 <P>hello, i wrote the same topic on the forum this morning and i can ensure you that is false positive in our network. I opened a tac case.&nbsp;</P> <P>For the moment you can put the signature 95501 with IP address exception and the action to alert.&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UscCAE" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UscCAE</A></P> <P>Best regards;</P> Tue, 13 Aug 2024 12:59:11 GMT RomainSalmon 2024-08-13T12:59:11Z Suspect false positive matching for threat ID 95501 (Remote Desktop Licensing RCE) https://live.paloaltonetworks.com/t5/next-generation-firewall/suspect-false-positive-matching-for-threat-id-95501-remote/m-p/594683#M3568 <P>Hello!</P> <P>&nbsp;</P> <P>Not yet sure if this is a false positive or not, but since latest content update one of our customers is having issue with the new signature 95501 related to<SPAN>&nbsp;</SPAN><A class="relative pointer-events-auto a hover:underline " href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077" target="_blank" rel="noopener nofollow ugc">CVE-2024-38077</A>. It looks like it's blocking legitimate traffic between RDS server and licensing server.</P> <P>Wonder if anybody is having the same issue.</P> <P>&nbsp;</P> <P>Thanks!</P> Tue, 13 Aug 2024 07:54:22 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/suspect-false-positive-matching-for-threat-id-95501-remote/m-p/594683#M3568 emyl_79 2024-08-13T07:54:22Z Re: Suspect false positive matching for threat ID 95501 (Remote Desktop Licensing RCE) https://live.paloaltonetworks.com/t5/next-generation-firewall/suspect-false-positive-matching-for-threat-id-95501-remote/m-p/594734#M3584 <P>hello, i wrote the same topic on the forum this morning and i can ensure you that is false positive in our network. I opened a tac case.&nbsp;</P> <P>For the moment you can put the signature 95501 with IP address exception and the action to alert.&nbsp;<A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UscCAE" target="_blank">https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UscCAE</A></P> <P>Best regards;</P> Tue, 13 Aug 2024 12:59:11 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/suspect-false-positive-matching-for-threat-id-95501-remote/m-p/594734#M3584 RomainSalmon 2024-08-13T12:59:11Z Re: Suspect false positive matching for threat ID 95501 (Remote Desktop Licensing RCE) https://live.paloaltonetworks.com/t5/next-generation-firewall/suspect-false-positive-matching-for-threat-id-95501-remote/m-p/594889#M3594 <P>Hello, they have disabled the signature in the new content update. <A href="https://live.paloaltonetworks.com/t5/customer-advisories/customer-issue-impacting-applications-and-threats-content-update/ta-p/594842" target="_blank">https://live.paloaltonetworks.com/t5/customer-advisories/customer-issue-impacting-applications-and-threats-content-update/ta-p/594842</A></P> <P>have a good day</P> Wed, 14 Aug 2024 08:47:02 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/suspect-false-positive-matching-for-threat-id-95501-remote/m-p/594889#M3594 RomainSalmon 2024-08-14T08:47:02Z