Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
darrelle
New Contributor

Compromised Hosts - too many false positives?

We see many false positives in the compromised hosts list, to the point where it makes the list almost useless. Most of them seem to be legitimate web advertising that is detected as Malware CnC. The most common of these is assets.ubembed.com and <randomstring>.js.ubembed.com.


Is there some workaround to whitelist these or otherwise reduce the number of false positives?

OrthoC
New Contributor II

[strike]I'm experiencing the exact same problem.[/strike]


Nvm, same issue. Kind of stupid to keep posting false positives with no license. Makes for some poor view of the IOC product on first purchase.

tsimeonov_FTNT

Please check if you have a valid subscription for Threat Detection Service (IOC) (under System Settings). Likely your system is not licensed and has not been updated.

darrelle

Ah, I think you are correct, thanks! I guess it ships with a fixed set of indicators and only updates if you have a subscription?

mikebutash

Working with a customer with some serious issues, this is really annoying that these show up if not updating. As said, better if you just simply turned the feature off than report false positives constantly. Really annoying.