AnsweredAssumed Answered

How to handle possibly false positive in application control?

Question asked by Ilmo Anttonen on Dec 20, 2018
Latest reply on Dec 21, 2018 by Dameon Welch-Abernathy

A customer user has problems downloading files from Basecamp, which is a file-sharing application. We have an excplicit allow for this application in the policy but generally don't allow file sharing, as you can see in the policy snippet. When the user tries to download a file from Basecamp they can't. The drop log seems to point to Google Cloud Platform. I myself don't have an account at this basecamp site but when I go to the URL i face an Google-log in prompt. Seems Google is used as authenticating part here. Could this be the reason for the miss-classification?

 

Not sure how to solve this, without activating the disabled rule below, which allows downloads from Google Cloud Platform. The customer doesn't use Identity Awareness because of issues with AD. So allowing only this one user downloads from all google cloud is not possible either. Should I report this as an error in CheckPoint interpretation or am I getting it wrong?

Outcomes