- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-03-2022 11:06 AM
Latest spyware signatures appear to be blocking legitimate connections to ConnectWise control. The 5/2 AppThreat-8564-7375 update categorizes the connection/file (GetSessionDetails) as threat Generic PHP Webshell File Detection.
Produces "unknown error" on the ConnectWise portal page.
The only way I can get around it is to exclude the connectwise site from forward decryption. We have been using this product for years. Trying to figure out what went wrong here. Is it possible PA signature update is flawed?
05-03-2022 01:19 PM
There's been multiple reported issues with the new threat signatures sent out last night. I'd just roll that update back for the time being and wait for PAN to push out an update. Seems that its also triggering for some legitimate M365 traffic and some Bing traffic.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!