Anyone else suddenly getting false positives on NordVPN?
Trevor
Newbie ✭
They must have just recently added or changed the signature. I'm sure it's a false positive because there wouldn't be so many people in my company using it. I suspect it's actually related to the Splashtop software many are using to work from home. Anyone else using Splashtop that can confirm?
Category: Firewall Security Services
Best Answer
shiprasahu93 Moderator
Hello All,
The IPS team has verified that this issue should be taken care of now. Please make sure that the signature database is up to date and kindly check the logs again.
Thanks!
Shipra Sahu
Technical Support Advisor, Premier Services
Answers
We're not using Splashtop, but I did notice we started having a lot of false positives with NordVPN. I thought we may have had some type of malware infection, but I haven't seen anything on our systems that would indicate a compromise.
I am in the same boat. We received 5 notifications from separate devices and separate facilities around the same time on 12/1. Each client device that was flagged was reaching out to separate IPs (Google, AWS, scheduling software site) and one of the destinations was an internal web server - yet all were flagged as NordVPN traffic. I have not seen any additional alerts since then.
None of the clients had NordVPN installed as an application or as a browser extension.
We are not using Splashtop.
Update - This is now affecting 19 clients. Those 19 clients are generating the alert when hitting any one of 115 unique external IPs.
Hello @Trevor, @B3rt and @BrianN,
Yes, I do see a few support cases reporting similar behavior. We have informed our App Control Signatures Team regarding the same and they are actively investigating this issue.
I will update this thread once I hear back from them.
Thank you all for bringing it up here! Have a good one!
Shipra Sahu
Technical Support Advisor, Premier Services
Yes, it looks like the offending signature has been removed. Thanks!
Thank you for the confirmation, @Trevor, and sorry for any inconvenience caused.
@micah - SonicWall's Self-Service Sr. Manager