This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
_Val_
Admin
Admin
2 weeks ago
Jump to solution

New Signature causes False Positives on Threat Cloud

Attention: New Signature causes False Positives on Threat Cloud, potentially impacting the products that use Threat Emulation and Anti Virus Blades

 

UPDATE 17.09.2024

The fix propagated world-wide, and the issue was resolved but we are working with our customers to restore the quarantine files and emails.

Please refer to sk182688 for details.

-------

ORIGINALLY posted on 16.09.2024

Hi all, we want to inform you that there is an issue with a new signature that was uploaded to the Threat Cloud service that might cause False Positives, this potentially affects the products that use Threat Emulation and Anti Virus Blades. The issue is mostly limited to false positive alerts and file quarantine events with the Harmony Endpoint.  

Check Point R&D teams already identified the root cause and deployed a fixed signature to Threat Cloud Service, the fix will propagate worldwide in the next few hours.

We are currently working on a SK that will be published shortly.

You can also follow up on the incident via its status page.

0 Kudos
1 Solution

Accepted Solutions
_Val_
Admin
Admin
2 weeks ago
Jump to solution

The fix propagated world-wide, and the issue was resolved but we are working with our customers to restore the quarantine files and emails.

Please refer to sk182688 for details.

View solution in original post

0 Kudos
3 Replies
Swiftyyyyy
Explorer
2 weeks ago
Jump to solution

Not that uncommon of an event lately unfortunately.. I can count 3 instances at least where we had unexplained bulk false-positive events with customers; the first one as of late was right around New Years.

I can't help but vent my frustration regarding this, especially after the statement made regarding the Crowdstrike related event and the claims of extensive testing performed.

It's not that particularly obscure applications are being detected; SSL Network Extender (a Check Point application if I remember correctly) was cleaned up on my system. I would like to guess that this software at least would be present on internal systems.

Not having a big red "revert" button is also somewhat strange; I don't think a tool as powerful and influential as Threat Cloud should involve hours of revert operations for this type of change.

What's even worse is not having a central way to purge local cache on Endpoints and dealing with "suggestions" along the lines of "it'll clear up in a few days"; it's not a skin rash, it's a potentially company crippling event.

_Val_
Admin
Admin
2 weeks ago
Jump to solution

The fix propagated world-wide, and the issue was resolved but we are working with our customers to restore the quarantine files and emails.

Please refer to sk182688 for details.

0 Kudos
Alex-
Leader Leader
Leader
2 weeks ago
In response to _Val_
Jump to solution

We're seeing a lot of clients reporting they are unable to update the Anti-Malware Database component since this morning, other components are OK.

Sometimes repeating the manual refresh works but not always. Is this related to this issue?

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events