06-14-2023 04:20 AM
Hi,
Is anyone else experiencing lots of false positives for the BIOC - Masquerading - 1396383840, specifically relating to signed Microsoft System32 files and Chrome?
The files initiating the alerts are all signed, have not been modified for a long time and I cannot see any malicious behaviour.
06-14-2023 04:28 AM
Yeah, me too. I don't know the cause.
06-14-2023 04:32 AM
Hmm, I'm thinking this may be some misconfig on the Palo Alto side. They had a similar incident a couple of months ago which created lots of alerts for TOR exit nodes, which were also false positives.
06-19-2023 03:04 AM
Hi,
We are also experiencing the same problem with Masquerading alerts.
It might trigger in certain conditions and it could be related to the latest CU 980 where they made some changes to the BTP agent module.