Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Fred_Joans
Explorer

Best way to alert Checkpoint of probable FPs?

Hello,

Checkpoint IPS has recently (09-08-2018) started erroneously tagging many domains ending in akamaiedge.net as malicious (Phishing_website.upvi) which is creating very large amounts of FP alerts. Here are some examples:

 e11696.dscg.akamaiedge.net

e16595.dsca.akamaiedge.net

e912.f.akamaiedge.net

e6640.g.akamaiedge.net

.. etc

Hopefully someone at Checkpoint reviews this post and fixes the issue ASAP. Thanks!

0 Kudos
4 Replies
PhoneBoy
Admin
Admin

A TAC case is always your best bet in the case of a false positive.

I'll see what I can find out from our Threat Operations team, though.

0 Kudos
MK9
Contributor

I also encountered a similar problem (09-sept-2018 - 10-sept-2018).

PhoneBoy
Admin
Admin

The false positive should have already been addressed by now, assuming you have installed the latest IPS signatures.

0 Kudos
MK9
Contributor

Problem is solved:)

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events