_Val_
Admin

New Signature causes False Positives on Threat Cloud

Attention: New Signature causes False Positives on Threat Cloud, potentially impacting the products that use Threat Emulation and Anti Virus Blades

 

UPDATE 17.09.2024

The fix propagated worldwide and the issue was resolved, but we are working with our customers to restore the quarantined files and emails.

Please refer to sk182688 for details.

-------

ORIGINALLY posted on 16.09.2024

Hi all, we want to inform you that there is an issue with a new signature that was uploaded to the Threat Cloud service that might cause False Positives. This potentially affects the products that use Threat Emulation and Anti Virus Blades. The issue is mostly limited to false positive alerts and file quarantine events with the Harmony Endpoint.

Check Point R&D teams have already identified the root cause and deployed a fixed signature to the Threat Cloud Service. The fix will propagate worldwide in the next few hours.

We are currently working on an SK that will be published shortly.

You can also follow up on the incident via its status page.

3 Replies
Swiftyyyyy
Participant

Not that uncommon of an event lately, unfortunately. I can count 3 instances at least where we had unexplained bulk false-positive events with customers; the first one as of late was right around New Year's.

I can't help but vent my frustration regarding this, especially after the statement made regarding the Crowdstrike related event and the claims of extensive testing performed.

It's not that particularly obscure applications are being detected; SSL Network Extender (a Check Point application if I remember correctly) was cleaned up on my system. I would like to guess that this software at least would be present on internal systems.

Not having a big red "revert" button is also somewhat strange; I don't think a tool as powerful and influential as Threat Cloud should involve hours of revert operations for this type of change.

What's even worse is not having a central way to purge local cache on Endpoints and dealing with "suggestions" along the lines of "it'll clear up in a few days"; it's not a skin rash, it's a potentially company crippling event.

_Val_
Admin

The fix propagated worldwide and the issue was resolved, but we are working with our customers to restore the quarantined files and emails.

Please refer to sk182688 for details.

Alex-
Leader

We're seeing a lot of clients reporting they are unable to update the Anti-Malware Database component since this morning, other components are OK.

Sometimes repeating the manual refresh works but not always. Is this related to this issue?
