Jump to content


Photo

Understand Threat Scan

threat scan IPS Evasion Probing

  • Please log in to reply
1 reply to this topic

#1 Osama Mansoor

Osama Mansoor
  • Members
  • 1 posts

Posted 13 October 2018 - 02:32 AM

We have recently configured NG Firewall F280 Rev.B.

 

I can see some on my internal IP's are listed in Threat Scan.

 

Some them are also fully compliance in term of WINDOWS UPDATE/PATCH MANAGEMENT and AV and no unauthorized software but they are still in list.

 

However users on these machine IP use internet for different purpose which may be the reason for being in list.

 

Now i don't under stand what should i do against these Machine however machines are fully PATCH and fully compliance.

 

As far my information these THREAD can be FALSE POSITIVE and may be the web site they are visiting have some vulnerability which stops by firewall and indicate on THREAT list also come here.

 

please help me in this regard.

 

  



#2 Michael Zoller

Michael Zoller
  • Barracuda Team Members
  • 188 posts

Posted 29 October 2018 - 07:21 AM

They can be false positives. Use the items listed in the threat scan to determine if the detected vulnerability is real and if create exceptions for the wrong entries to ensure they are not displayed again.