Wolfgang
Authority
Authority

False detection of application since today 06:00 am

Starting today, November 21, at 06:00 am (local time in Germany), we have observed a lot of false positives with application control/URL filter. Most legitimate traffic is detected as "ExpressVPN". This application has risk level critical and is blocked.

Interesting detail: only traffic related to proxy connections is detected as "ExpressVPN". We can see this for connections proxy => proxy and between client and proxy.

2022-11-21 15_52_19-2022.png

 

This view shows the timeline of the application "ExpressVPN" only:

2022-11-21 15_28_53.png

 

Is anyone seeing the same problem?

0 Kudos
1 Solution

Accepted Solutions
Wolfgang
Authority
Authority

@_Val_ the problem is solved with an updated package for ApplicationControl/URLFilter from last night. This was a little nightmare yesterday, because most Internet traffic was detected as "critical" and blocked: Teams, O365, sometimes www.google.de and a lot more.


0 Kudos
10 Replies
mp2012
Contributor

Hi,

I can confirm this, same behaviour here.

 

kind regards,

mp2012

 

 

 

0 Kudos
the_rock
Legend
Legend

Trying to figure out if there is an easy way to test this in the lab with just one Windows PC behind it... I did filter like below for 30 days in my lab and don't see anything, but will ask a customer who runs app control to do it and see what they get.

blade:"Application Control" AND appi_name:ExpressVPN

0 Kudos
Wolfgang
Authority
Authority

@the_rock it's only seen with a proxy involved; without one, no problem!

the_rock
Legend
Legend

Ah, gotcha... never mind then.

0 Kudos
_Val_
Admin
Admin

Do you have a TAC case for this?

0 Kudos
Wolfgang
Authority
Authority

TAC case is open, R&D is working on it. They told me there's a known issue with the application database.

_Val_
Admin
Admin

Is this resolved for you yet?

0 Kudos
mp2012
Contributor

Hi,

 

For me the problem is solved now (environment with proxies involved too).

 

kind regards,

mp2012

0 Kudos
Wolfgang
Authority
Authority

@_Val_ the problem is solved with an updated package for ApplicationControl/URLFilter from last night. This was a little nightmare yesterday, because most Internet traffic was detected as "critical" and blocked: Teams, O365, sometimes www.google.de and a lot more.

0 Kudos
_Val_
Admin
Admin

I certainly understand, and I am sorry about it. 

0 Kudos
