_Val_
Admin

New Signature causes False Positives on Threat Cloud

Attention: New Signature causes False Positives on Threat Cloud, potentially impacting the products that use Threat Emulation and Anti Virus Blades

 

Hi all, we want to inform you that there is an issue with a new signature that was uploaded to the Threat Cloud service that might cause False Positives; this potentially affects the products that use Threat Emulation and Anti Virus Blades. The issue is mostly limited to false positive alerts and file quarantine events with the Harmony Endpoint.

Check Point R&D teams already identified the root cause and deployed a fixed signature to Threat Cloud Service; the fix will propagate worldwide in the next few hours.

We are currently working on an SK that will be published shortly.

You can also follow up on the incident via its status page.

0 Kudos
1 Reply
Swiftyyyyy
Explorer

Not that uncommon of an event lately, unfortunately. I can count 3 instances at least where we had unexplained bulk false-positive events with customers; the first one as of late was right around New Year's.

I can't help but vent my frustration regarding this, especially after the statement made regarding the CrowdStrike-related event and the claims of extensive testing performed.

It's not that particularly obscure applications are being detected; SSL Network Extender (a Check Point application if I remember correctly) was cleaned up on my system. I would like to guess that this software at least would be present on internal systems.

Not having a big red "revert" button is also somewhat strange; I don't think a tool as powerful and influential as Threat Cloud should involve hours of revert operations for this type of change.

What's even worse is not having a central way to purge local cache on Endpoints and dealing with "suggestions" along the lines of "it'll clear up in a few days"; it's not a skin rash, it's a potentially company-crippling event.

0 Kudos
