08-19-2019 08:59 PM
Hello,
PA-3020 is falsely identifying some adobe-creative-cloud-base traffic as being a threat. I can't add an exception for this as the log view does not contain a threat ID as it normally would for a threat. All of my dynamic updates are up to date.
The URL filtering profile is set to ‘alert’ for computer-and-internet-info (I have most of the categories set to ‘alert’).
The rule is set to ‘application default’ for the ports.
How to resolve this issue?
08-21-2019 05:46 PM
Thank you all for the response.
We had file blocking in place...disabled the file blocking and this has resolved the issue.
08-20-2019 05:42 AM
If you can get a PCAP of the traffic. Open a ticket with support. They'll review the PCAP and get the signature updated to not alert on this false positive.
08-21-2019 02:24 PM
I have not ever seen an application signature being false postive for a threat.
Now, it could be information inside the flow, using the app signature, but definitely not the app signature itself.
As for the URL category set to alert, then I would want to see a screen capture of the security profile group (if any) for your rule.
I am thinking you may have multiple URL filtering profiles and one of them is set to block.
But we would need see screen captures to show us this info.
08-21-2019 05:46 PM
Thank you all for the response.
We had file blocking in place...disabled the file blocking and this has resolved the issue.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
