cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Best way to alert Checkpoint of probable FPs?

Hello,

Checkpoint IPS has recently (09-08-2018) started erroneously tagging many domains ending in akamaiedge.net as malicious (Phishing_website.upvi) which is creating very large amounts of FP alerts. Here are some examples:

 e11696.dscg.akamaiedge.net

e16595.dsca.akamaiedge.net

e912.f.akamaiedge.net

e6640.g.akamaiedge.net

.. etc

Hopefully someone at Checkpoint reviews this post and fixes the issue ASAP. Thanks!

0 Kudos
4 Replies
Admin
Admin

Re: Best way to alert Checkpoint of probable FPs?

A TAC case is always your best bet in the case of a false positive.

I'll see what I can find out from our Threat Operations team, though.

0 Kudos

Re: Best way to alert Checkpoint of probable FPs?

I also encountered a similar problem (09-sept-2018 - 10-sept-2018).

Admin
Admin

Re: Best way to alert Checkpoint of probable FPs?

The false positive should have already been addressed by now, assuming you have installed the latest IPS signatures.

0 Kudos

Re: Best way to alert Checkpoint of probable FPs?

Problem is solved:)

0 Kudos