This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Wolfgang
MVP Gold
MVP Gold
‎2022-11-21 07:01 AM
Jump to solution

false detection of application since today 06:00am

Starting today November 21. 06am (local time in Germany) we could observe a lot of false positives with application control/url filter. Most of legitimate traffic will be detected as "ExpressVPN". This application has risk level critical and will be blocked.

Interesting detail, only traffic related to proxy connections will be detect as "expressVPN". We can see this for connections proxy => proxy and between client and proxy

2022-11-21 15_52_19-2022.png

 

This view shows timeline of the application "expressVPN" only:

2022-11-21 15_28_53.png

 

Anyone seeing same problem?

0 Kudos
1 Solution

Accepted Solutions
Wolfgang
MVP Gold
MVP Gold
‎2022-11-22 04:53 AM
In response to _Val_
Jump to solution

@_Val_ problem is solved with an updated package for ApplicationControl/URLFilter from the last night. This was a little nightmare last day, because most of all Internet traffic was detected as "critical" and blocked. Teams, O365, sometimes www.google.de and  a lot more.

View solution in original post

0 Kudos
10 Replies
mp2012
Contributor
‎2022-11-21 07:11 AM
Jump to solution

Hi,

I can confirm this, same behaviour here. 

 

kind regards,

mp2012

 

 

 

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2022-11-21 07:28 AM
Jump to solution

Trying to figure out if there is an easy way to test this in the lab with just one windows PC behind it...I did filter like below for 30 days in my lab and dont see anything, but will ask customer who runs app control to do it and see what they get.

blade:"Application Control" AND appi_name:ExpressVPN

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2022-11-21 07:35 AM
In response to the_rock
Jump to solution

@the_rock it's only seen with involved proxy, without no problem !

the_rock
MVP Diamond
MVP Diamond
‎2022-11-21 07:37 AM
In response to Wolfgang
Jump to solution

Ah, gotcha...never mind then.

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
_Val_
Admin
Admin
‎2022-11-21 07:33 AM
Jump to solution

Do you have a TAC case for this?

0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2022-11-21 07:48 AM
In response to _Val_
Jump to solution

TAC case is open, R&D is working on it. Told me ther's a known issue with the application database.

_Val_
Admin
Admin
‎2022-11-22 04:25 AM
In response to Wolfgang
Jump to solution

Is this resolved for you yet?

0 Kudos
mp2012
Contributor
‎2022-11-22 04:33 AM
In response to _Val_
Jump to solution

Hi,

 

for me problem is solved now (environment with proxies involved too).

 

kind regards,

mp2012

0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2022-11-22 04:53 AM
In response to _Val_
Jump to solution

@_Val_ problem is solved with an updated package for ApplicationControl/URLFilter from the last night. This was a little nightmare last day, because most of all Internet traffic was detected as "critical" and blocked. Teams, O365, sometimes www.google.de and  a lot more.

0 Kudos
_Val_
Admin
Admin
‎2022-11-22 05:36 AM
In response to Wolfgang
Jump to solution

I certainly understand, and I am sorry about it. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events