This alerted hundreds of times in our environment, mostly from Windows PCs; all of it appears to be benign. I compared the PCAPs from our alerts to the signature, but I’m not sure what could be changed in the signature.
1 Like
Hi @Segers, thank you for letting us know about the False Positive activity from the BPFDoor rule! Apologies for that. Our release today will contain updates to the recently published BPFDoor rules.
1 Like