https://live.paloaltonetworks.com/t5/advanced-threat-prevention/possible-false-positive-c2-traffic/m-p/444787#M1359 <P>Hello,</P><P>Starting on 31st of October following the threat and content update 8480-7019, we noticed that traffic to wordpress sites ending in the URL&nbsp;<SPAN>wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js is being flagged as generic C" traffic. Checked the IP addresses and URLs on Virustotal and they are all clean.</SPAN></P><P><SPAN>Wondered if anyone else has been experiencing this?</SPAN></P> Mon, 01 Nov 2021 16:41:29 GMT MichaelWrigh 2021-11-01T16:41:29Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/possible-false-positive-c2-traffic/m-p/444787#M1359 <P>Hello,</P><P>Starting on 31st of October following the threat and content update 8480-7019, we noticed that traffic to wordpress sites ending in the URL&nbsp;<SPAN>wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js is being flagged as generic C" traffic. Checked the IP addresses and URLs on Virustotal and they are all clean.</SPAN></P><P><SPAN>Wondered if anyone else has been experiencing this?</SPAN></P> Mon, 01 Nov 2021 16:41:29 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/possible-false-positive-c2-traffic/m-p/444787#M1359 MichaelWrigh 2021-11-01T16:41:29Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/possible-false-positive-c2-traffic/m-p/444833#M1360 <P>Also seeing similar hits on a few sites as of the 10/31 update.</P><P>threatid: WGeneric.atbsxx C2 traffic(385282722)</P><P>misc: &lt;various domains&gt;/wp-content/plugins/elementor/assets/lib/swiper/swiper.min.js?ver=5.3.6</P> Mon, 01 Nov 2021 18:29:45 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/possible-false-positive-c2-traffic/m-p/444833#M1360 rosboro 2021-11-01T18:29:45Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/possible-false-positive-c2-traffic/m-p/444901#M1361 <P>Palo Alto Networks has been working on the false positive issue with "WGeneric.atbsxx C2 traffic(385282722)". The signature will be disabled in AV version 3888.</P> Mon, 01 Nov 2021 23:49:46 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/possible-false-positive-c2-traffic/m-p/444901#M1361 ymiyashita 2021-11-01T23:49:46Z https://live.paloaltonetworks.com/t5/advanced-threat-prevention/possible-false-positive-c2-traffic/m-p/444946#M1363 <P>Thank you for the response, much appreciated.</P> Tue, 02 Nov 2021 08:36:49 GMT https://live.paloaltonetworks.com/t5/advanced-threat-prevention/possible-false-positive-c2-traffic/m-p/444946#M1363 MichaelWrigh 2021-11-02T08:36:49Z