False Positive 2065016 ET TROJAN BPFDoor Heartbeat (Outbound)

FastForward2025 · October 3, 2025, 3:52pm

This rule triggered 2025/10/02 - 2025/10/03 on (Amazon) Ring Doorbell and Ring Floodlight devices. I spoke with Ring Customer Service who said the devices were performing a legitimate firmware update.

2065016 - ET TROJAN BPFDoor Heartbeat (Outbound)

jacotec · October 6, 2025, 8:44am

Same here, this rule killed our phone connectivity by blocking the SIP host of our phone provider.

ishaughnessy · October 6, 2025, 4:03pm

Hey @FastForward2025 @jacotec - Apologies for the issues! We just deactivated the rule so if you pull the latest ruleset that should resolve the FP’s.

Let me know if there’s anything else and I’m happy to help!

Thanks,
Isaac

Topic	Replies	Views
Daily Ruleset Update Summary 2022-10-13 Ruleset Updates	99	October 13, 2022
Ruleset Update Summary - 2023/01/25 - v10229 Ruleset Updates	415	January 25, 2023
Ruleset Update Summary - 2023/06/21 - v10355 Ruleset Updates	203	June 21, 2023
Ruleset Update Summary - 2022/12/02 - v10187 Ruleset Updates	356	December 2, 2022
Ruleset Update Summary - 2023/07/05 - v10365 Ruleset Updates	239	July 5, 2023

False Positive 2065016 ET TROJAN BPFDoor Heartbeat (Outbound)

Related topics