
SEP Firewall Policy Issue - False Positive

Created: 18 Jun 2013 • Updated: 18 Jun 2013 | 9 comments

I'm getting a false positive when I'm setting up a Firewall policy to monitor users accessing specific websites. For example, if I monitor users accessing Twitter or Facebook, I'll see users access the website, but then I'll see my computer accessing it as well, when I have no other browsers or web pages open to any website.

Any ideas?


.Brian's picture

Is there a script on one of the pages you're accessing that goes out to Facebook, Twitter, etc. automatically without you knowing it? You would need to view the source info in the browser to see this.

Web pages these days have all kinds of scripts that link to other sites that work behind the scenes. For example, Connect has a link to Twitter and LinkedIn.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

mrskiki123's picture

Nope, none that I'm aware of. I understand that if I have other webpages open it may have stuff embedded within that page. But in this instance I have no other pages open. 

Could clearing my cache and resetting my network adapter help eliminate the FP?

.Brian's picture

It can't hurt. Seems something may be calling out to it. You could also install Wireshark to watch the traffic.


Rafeeq's picture

Do you have any add-on in the browser for Twitter/FB?

mrskiki123's picture

Nope, I normally use Chrome, and I do not have an account w/ Facebook or Twitter. In this instance I have closed out of all Internet browsers and watch the policy update from the SEPM Server.

Rafeeq's picture

Can you post the screenshot of the block msg / log?

Rafeeq's picture

I tried whois for 184.84.130.110; it's going to Akamai. Any other log which says the domain name?

SameerU's picture

Hi

Can you please upgrade to SEP 12.1.3 and check.

Regards