We see many false positives in the compromised hosts list, to the point where it makes the list almost useless. Most of them seem to be legitimate web advertising that is detected as Malware CnC. The most common of these is assets.ubembed.com and <randomstring>.js.ubembed.com.
Is there some workaround to whitelist these or otherwise reduce the number of false positives?
[strike]I'm experiencing the exact same problem.[/strike]
Nvm, same issue. Kind of stupid to keep posting false positives with no license. Makes for some poor view of the IOC product on first purchase.
Please check if you have a valid subscription for Threat Detection Service (IOC) (under System Settings). Likely your system is not licensed and has not been updated.
Ah, I think you are correct, thanks! I guess it ships with a fixed set of indicators and only updates if you have a subscription?
Working with a customer with some serious issues, this is really annoying that these show up if not updating. As said, better if you just simply turned the feature off than report false positives constantly. Really annoying.
Copyright 2024 Fortinet, Inc. All Rights Reserved.