https://live.paloaltonetworks.com/t5/general-topics/wrong-hip-match/m-p/409191#M92418 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/155591">@kiwu</a>&nbsp;</P><P>I opened a case with TAC support. this issue with current version 5.2.6 they will fix this issue in new release. 5.2.7</P> Wed, 26 May 2021 11:50:53 GMT Jafar_Hussain 2021-05-26T11:50:53Z https://live.paloaltonetworks.com/t5/general-topics/wrong-hip-match/m-p/404948#M91958 <P>Dear All,</P><P>issue:</P><P>&nbsp;</P><P>I have the firewall 5220 with PAN-OS 10.0.3 and I am facing an below issue:-</P><P>As GlobalProtect 5.2.6 is released with support for OPSWAT v4 only while OPSWAT v3 is discontinued starting from 5.2.6, I tried to test it on a few machines.</P><P>&nbsp;</P><P>We apply HIP checking for the below:</P><P>-&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; FireEye Endpoint Agent – Installed &amp; Real Time Protection = Yes &amp; Product Version &gt;= 31.0.0 &amp; Virus Definition Version is within last 7 days</P><P>In the HIP logs, I checked FireEye Endpoint Agent detect the wrong Virus Definition Version date as 1/1/1970.</P><P>I rolled back to GlobalProtect 5.2.5-c84, and FireEye Endpoint Agent is detected with the correct Virus Definition Version.</P><P>&nbsp;</P><P>Below is the screenshot update GP -5.2.6 showing wrong information:-</P><P>Agent screen shot:-</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jafar_Hussain_0-1620221429240.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/33639i69AD174C36B1140B/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Jafar_Hussain_0-1620221429240.png" alt="Jafar_Hussain_0-1620221429240.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>The same HIP logs below:-</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jafar_Hussain_1-1620221429270.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/33638i2C2C28931BFA0027/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Jafar_Hussain_1-1620221429270.png" alt="Jafar_Hussain_1-1620221429270.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Once I rollback the GP version is 5.2.5 the logs showing correct.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jafar_Hussain_2-1620221429286.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/33637iACA14BD879A67141/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Jafar_Hussain_2-1620221429286.png" alt="Jafar_Hussain_2-1620221429286.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Jafar_Hussain_3-1620221429307.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/33640i93552257F0F14BF1/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="Jafar_Hussain_3-1620221429307.png" alt="Jafar_Hussain_3-1620221429307.png" /></span></P><P>&nbsp;</P><P>&nbsp;</P><P># When I checked the logs by below command with GP version 5.2.6:-</P><P>&nbsp;</P><UL><LI>debug user-id dump hip-report ip &lt;IP address&gt; user &lt;domain\username&gt;&nbsp;computer &lt;system name&gt;</LI></UL><P>&nbsp;</P><P>&lt;client-version&gt;5.2.6-84&lt;/client-version&gt;</P><P>&lt;ProductInfo&gt; &lt;Prod vendor="FireEye, Inc." name="FireEye Endpoint Agent" version="32.30.0" defver="" engver="" <FONT face="times new roman,times" color="#3366FF"><EM><STRONG>datemon="1" dateday="1" dateyear="1970"</STRONG></EM></FONT> prodType="3" osType="1"/&gt;</P><P>&lt;real-time-protection&gt;yes&lt;/real-time-protection&gt;</P><P>&lt;last-full-scan-time&gt;n/a&lt;/last-full-scan-time&gt;</P><P># When I checked the logs by below command with GP version 5.2.5:-</P><P>&nbsp;</P><UL><LI>debug user-id dump hip-report ip &lt;IP address&gt; user &lt;domain\username&gt;&nbsp;computer &lt;system name</LI></UL><P>&nbsp;</P><P>&lt;client-version&gt;5.2.5-84&lt;/client-version&gt;</P><P>&lt;ProductInfo&gt;</P><P>&lt;Prod vendor="FireEye, Inc." name="FireEye Endpoint Agent" version="32.30.0" <FONT face="times new roman,times" color="#0000FF"><EM><STRONG>defver="2021.05.05" engver="" datemon="5" dateday="5" dateyear="2021</STRONG></EM></FONT>" prodType="3" osType="1"/&gt;</P><P>&lt;real-time-protection&gt;yes&lt;/real-time-protection&gt;</P><P>&lt;last-full-scan-time&gt;n/a&lt;/last-full-scan-time&gt;</P><P>&nbsp;</P><P>Can any one help on this.</P> Wed, 05 May 2021 13:34:17 GMT https://live.paloaltonetworks.com/t5/general-topics/wrong-hip-match/m-p/404948#M91958 Jafar_Hussain 2021-05-05T13:34:17Z https://live.paloaltonetworks.com/t5/general-topics/wrong-hip-match/m-p/405429#M92002 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/124013">@Jafar_Hussain</a> ,</P> <P>&nbsp;</P> <P>From the looks of it the new OPSWAT database version is unable to correctly identify some of the product information.&nbsp;</P> <P>Please gather your findings and contact support as it might need a fix/update.</P> <P>&nbsp;</P> <P>Cheers,</P> <P>-Kiwi.</P> <DIV id="ConnectiveDocSignExtentionInstalled" data-extension-version="1.0.4">&nbsp;</DIV> Fri, 07 May 2021 07:24:59 GMT https://live.paloaltonetworks.com/t5/general-topics/wrong-hip-match/m-p/405429#M92002 kiwi 2021-05-07T07:24:59Z https://live.paloaltonetworks.com/t5/general-topics/wrong-hip-match/m-p/409191#M92418 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/155591">@kiwu</a>&nbsp;</P><P>I opened a case with TAC support. this issue with current version 5.2.6 they will fix this issue in new release. 5.2.7</P> Wed, 26 May 2021 11:50:53 GMT https://live.paloaltonetworks.com/t5/general-topics/wrong-hip-match/m-p/409191#M92418 Jafar_Hussain 2021-05-26T11:50:53Z