https://live.paloaltonetworks.com/t5/general-topics/user-activity-reports-showing-malware-category-for-a-microsoft/m-p/322024#M82394 <P>My guess would be that the following signature update for C2 signatures:</P><P><SPAN>generic:007896376966807894.windows-updates-service.com</SPAN></P><P><SPAN>That was deployed in 3311 and subsequently removed in 3312 is a little bit too off and caught more traffic than intended. If you haven't already, update to 3312 and the issue should go away.&nbsp;</SPAN></P> Thu, 09 Apr 2020 22:33:41 GMT BPry 2020-04-09T22:33:41Z https://live.paloaltonetworks.com/t5/general-topics/user-activity-reports-showing-malware-category-for-a-microsoft/m-p/321582#M82301 <P>On our User Activity Reports, I'm seeing windowsupdate.com with a block-url action and malware category classification.&nbsp; The URL appears to be valid.&nbsp; Does anyone have an idea why this would be happening?</P> Wed, 08 Apr 2020 15:08:21 GMT https://live.paloaltonetworks.com/t5/general-topics/user-activity-reports-showing-malware-category-for-a-microsoft/m-p/321582#M82301 AnniesIT 2020-04-08T15:08:21Z https://live.paloaltonetworks.com/t5/general-topics/user-activity-reports-showing-malware-category-for-a-microsoft/m-p/322024#M82394 <P>My guess would be that the following signature update for C2 signatures:</P><P><SPAN>generic:007896376966807894.windows-updates-service.com</SPAN></P><P><SPAN>That was deployed in 3311 and subsequently removed in 3312 is a little bit too off and caught more traffic than intended. If you haven't already, update to 3312 and the issue should go away.&nbsp;</SPAN></P> Thu, 09 Apr 2020 22:33:41 GMT https://live.paloaltonetworks.com/t5/general-topics/user-activity-reports-showing-malware-category-for-a-microsoft/m-p/322024#M82394 BPry 2020-04-09T22:33:41Z