https://live.paloaltonetworks.com/t5/general-topics/485-2569-dynamic-updates-issue/m-p/9494#M6970 <HTML><HEAD></HEAD><BODY><P>You may have seen already, but PA are advising that we should roll back to 484.</P><P></P><P>Regards,</P><P>Dave</P></BODY></HTML> Thu, 12 Feb 2015 09:12:43 GMT DavePalo 2015-02-12T09:12:43Z https://live.paloaltonetworks.com/t5/general-topics/485-2569-dynamic-updates-issue/m-p/9491#M6967 <HTML><HEAD></HEAD><BODY><P>Anyone noting a large increase in triggering of following threat ID's after this Update (485-2569) was applied? </P><P></P><P>( threatid eq 36485 ) - <SPAN style="color: #222222; font-family: Tahoma, Arial, Helvetica, sans-serif; font-size: 11px; background-color: #ebedee;">OpenSSL SSL/TLS MITM vulnerability</SPAN></P><P>( threatid eq 36420 ) - <SPAN style="color: #222222; font-family: Tahoma, Arial, Helvetica, sans-serif; font-size: 11px; background-color: #ebedee;">OpenSSL TLS Heartbeat Information Disclosure Vulnerability - Reverse Heartbleed</SPAN></P><P></P><P>I've rolled it back as it was dropping a lot of HTTPS traffic for sites that looked ok on closer inspection.</P><P></P><P>This is mainly for internal users connecting to external sites out of our control for the first threat ( 36485 ).</P><P>The reverse ones (<SPAN style="font-size: 13.3333330154419px;">36420) </SPAN> i'm not so worried about as they are probably dodgy sites to begin with.</P></BODY></HTML> Wed, 11 Feb 2015 02:07:44 GMT https://live.paloaltonetworks.com/t5/general-topics/485-2569-dynamic-updates-issue/m-p/9491#M6967 paul.stinson 2015-02-11T02:07:44Z https://live.paloaltonetworks.com/t5/general-topics/485-2569-dynamic-updates-issue/m-p/9492#M6968 <HTML><HEAD></HEAD><BODY><P>Hi Paul,</P><P></P><P>You can take captures for those threat packets and open up a case.</P><P>Please refer: <A href="https://live.paloaltonetworks.com/docs/DOC-2769">How to Submit a Virus/Vulnerability False Positive</A></P><P></P><P>Regards,</P><P>Hitesh Mistry</P></BODY></HTML> Wed, 11 Feb 2015 18:08:17 GMT https://live.paloaltonetworks.com/t5/general-topics/485-2569-dynamic-updates-issue/m-p/9492#M6968 hmistry 2015-02-11T18:08:17Z https://live.paloaltonetworks.com/t5/general-topics/485-2569-dynamic-updates-issue/m-p/9493#M6969 <HTML><HEAD></HEAD><BODY><P>I am having the same thing on my site.&nbsp; 100's of alerts coming from untrust-&gt; our DMZ, there have been a 5 or 6 of the OpenSSL MITM from internal - untrust.</P><P></P><P>The updated installed last night at 3am on our boxes and alerts started at 3:08am.&nbsp; Reverting back for now.</P></BODY></HTML> Wed, 11 Feb 2015 20:05:18 GMT https://live.paloaltonetworks.com/t5/general-topics/485-2569-dynamic-updates-issue/m-p/9493#M6969 tom.mccomb 2015-02-11T20:05:18Z https://live.paloaltonetworks.com/t5/general-topics/485-2569-dynamic-updates-issue/m-p/9494#M6970 <HTML><HEAD></HEAD><BODY><P>You may have seen already, but PA are advising that we should roll back to 484.</P><P></P><P>Regards,</P><P>Dave</P></BODY></HTML> Thu, 12 Feb 2015 09:12:43 GMT https://live.paloaltonetworks.com/t5/general-topics/485-2569-dynamic-updates-issue/m-p/9494#M6970 DavePalo 2015-02-12T09:12:43Z https://live.paloaltonetworks.com/t5/general-topics/485-2569-dynamic-updates-issue/m-p/9495#M6971 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Palo Alto Networks has determined that Application and Threat Content version 485 may introduce false-positive triggers on certain IPS signatures involving SSL changes in that content release. We removed content release 485 from public update servers and are re-releasing Application and Threat Content 486 with the SSL changes removed. Please be informed that now content 486 is available.</P></BODY></HTML> Thu, 12 Feb 2015 09:20:58 GMT https://live.paloaltonetworks.com/t5/general-topics/485-2569-dynamic-updates-issue/m-p/9495#M6971 gbogojevic 2015-02-12T09:20:58Z