ACEGYRA
Participant

IPS Signature showing False Positive result

 IPS Signature showing False Positive result. IPS Signature is in Prevent mode but logs are showing for Detect mode.

0 Kudos
5 Replies
G_W_Albrecht
Legend

Why did you think this is a General Topic?

sk106119: Threat Emulation blade generates a "Detect" log instead of "Prevent" log

CCSE CCTE SMB Specialist
0 Kudos
ACEGYRA
Participant

Threat Emulation blade is not enabled in our environment. We have only the FW, IPS, Antivirus and Antibot blades enabled.

This SK is not relevant to this signature, as the logged signature was triggered in the IPS blade and it is not prevented.

0 Kudos
G_W_Albrecht
Legend

Open a ticket with TAC to get that resolved!

CCSE CCTE SMB Specialist
0 Kudos
Shiran_Gold
Employee

Hi,

In order to investigate the cause, more information will be required.

Is it possible that IPS is set in troubleshoot mode?

Did it work in the past?

I suggest raising an SR with TAC; please share the number so I can follow up and assist.

0 Kudos
ACEGYRA
Participant

We have verified the profile and it is in the prevention mode.

TAC (6-0003403856) told us to enable packet capture for the particular protection "OpenSSL TLS man-in-the-middle security bypass".

As a workaround, an exception can be created for this particular protection and the action should be prevented.

0 Kudos