darrelle
New Member
September 18, 2019
Solved

Compromised Hosts - too many false positives?

  • September 18, 2019
  • 2 replies
  • 35416 views

We see many false positives in the compromised hosts list, to the point where it makes the list almost useless. Most of them seem to be legitimate web advertising that is detected as Malware CnC. The most common of these is assets.ubembed.com and <randomstring>.js.ubembed.com.

 

Is there some workaround to whitelist these or otherwise reduce the number of false positives?

    tsimeonov_FTNT
    Staff
    September 18, 2019

    Please check if you have a valid subscription for Threat Detection Service (IOC) (under System Settings). Likely your system is not licensed and has not been updated.

    darrelle
    Author
    New Member
    September 18, 2019

    Ah, I think you are correct, thanks! I guess it ships with a fixed set of indicators and only updates if you have a subscription?

    OrthoC
    Answer
    New Member
    September 19, 2019

    [strike]I'm experiencing the exact same problem.[/strike]

     

    Nvm, same issue. Kind of stupid to keep posting false positives with no license. Makes for some poor view of the IOC product on first purchase.

    mikebutash
    New Member
    June 24, 2020

    Working with a customer with some serious issues, this is really annoying that these show up if not updating. As said, better if you just simply turned the feature off than report false positives constantly. Really annoying.