False positive threat

L3 Networker

False positive threat



PA-3020 is falsely identifying some adobe-creative-cloud-base traffic as being a threat.  I can't add an exception for this as the log view does not contain a threat ID as it normally would for a threat.  All of my dynamic updates are up to date.

The URL filtering profile is set to ‘alert’ for computer-and-internet-info (I have most of the categories set to ‘alert’). 

The rule is set to ‘application default’ for the ports. 

How to resolve this issue?


L6 Presenter

Re: False positive threat

If you can get a PCAP of the traffic.  Open a ticket with support.  They'll review the PCAP and get the signature updated to not alert on this false positive.

L4 Transporter

Re: False positive threat

I have not ever seen an application signature being false postive for a threat.

Now, it could be information inside the flow, using the app signature, but definitely not the app signature itself.


As for the URL category set to alert, then I would want to see a screen capture of the security profile group (if any) for your rule.

I am thinking you may have  multiple URL filtering profiles and one of them is set to block.


But we would need see screen captures to show us this info.


L3 Networker

Re: False positive threat

Thank you all for the response.


We had file blocking in place...disabled the file blocking and this has resolved the issue.

Tags (1)
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!