https://live.paloaltonetworks.com/t5/general-topics/false-positive-threat/m-p/284490#M76312 <P>Thank you all for the response.</P><P>&nbsp;</P><P>We had file blocking in place...<SPAN>disabled the file blocking and this has resolved the issue.</SPAN></P> Thu, 22 Aug 2019 00:46:46 GMT FarzanaMustafa 2019-08-22T00:46:46Z https://live.paloaltonetworks.com/t5/general-topics/false-positive-threat/m-p/283634#M76266 <P>Hello,</P><P>&nbsp;</P><P><SPAN>PA-3020 is falsely identifying some adobe-creative-cloud-base traffic as being a threat.&nbsp; I can't add an exception for this as the log view does not contain a threat ID as it normally would for a threat.&nbsp; All of my dynamic updates are up to date.</SPAN></P><P><SPAN>The URL filtering profile is set to ‘alert’ for computer-and-internet-info (I have most of the categories set to ‘alert’).&nbsp; </SPAN></P><P><SPAN>The rule is set to ‘application default’ for the ports.&nbsp;</SPAN></P><P><SPAN>How to resolve this issue?</SPAN></P><P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="1.jpg" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/21039iE21CBB3B7E03356B/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="1.jpg" alt="1.jpg" /></span><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="2.jpg" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/21040iC16598DF657A845C/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="2.jpg" alt="2.jpg" /></span></SPAN></P> Tue, 20 Aug 2019 03:59:02 GMT https://live.paloaltonetworks.com/t5/general-topics/false-positive-threat/m-p/283634#M76266 FarzanaMustafa 2019-08-20T03:59:02Z https://live.paloaltonetworks.com/t5/general-topics/false-positive-threat/m-p/283716#M76271 <P>If you can get a PCAP of the traffic.&nbsp; Open a ticket with support.&nbsp; They'll review the PCAP and get the signature updated to not alert on this false positive.</P> Tue, 20 Aug 2019 12:42:23 GMT https://live.paloaltonetworks.com/t5/general-topics/false-positive-threat/m-p/283716#M76271 Brandon_Wertz 2019-08-20T12:42:23Z https://live.paloaltonetworks.com/t5/general-topics/false-positive-threat/m-p/284465#M76306 <P>I have not ever seen an application signature being false postive for a threat.</P><P>Now, it could be information inside the flow, using the app signature, but definitely not the app signature itself.</P><P>&nbsp;</P><P>As for the URL category set to alert, then I would want to see a screen capture of the security profile group (if any) for your rule.</P><P>I am thinking you may have&nbsp; multiple URL filtering profiles and one of them is set to block.</P><P>&nbsp;</P><P>But we would need see screen captures to show us this info.</P><P>&nbsp;</P> Wed, 21 Aug 2019 21:24:20 GMT https://live.paloaltonetworks.com/t5/general-topics/false-positive-threat/m-p/284465#M76306 S.Cantwell 2019-08-21T21:24:20Z https://live.paloaltonetworks.com/t5/general-topics/false-positive-threat/m-p/284490#M76312 <P>Thank you all for the response.</P><P>&nbsp;</P><P>We had file blocking in place...<SPAN>disabled the file blocking and this has resolved the issue.</SPAN></P> Thu, 22 Aug 2019 00:46:46 GMT https://live.paloaltonetworks.com/t5/general-topics/false-positive-threat/m-p/284490#M76312 FarzanaMustafa 2019-08-22T00:46:46Z