Blacklisted Flow Alarms

[pctsa]

Environment:

• OS name: Debian 12 Bookworm
• OS version: 12 Bookworm
• Architecture: amd64/8 Core/980 GB/RAM 16.8GB
• ntopng version/revision: 6.7.251120
• Browsere: Firefox ESR

What happened:

After the NTOPNG update on November 6, 2025, a large number of blacklisted flow alarms have appeared. This primarily affects Microsoft 365 communication with its servers. Investigations have now shown that none of these servers are blacklisted. All Windows machines with MS365 are displaying these alarms.

I cannot see this TLS issue with Wireshark.

[MatteoBiscosi]

Hi @pctsa i'm trying to reproduce the issue; first of all could you please into Settings -> Applications and Categories and check if you have any application inside the Malware category?

(an example is below)

[pctsa]

I have cecked in "Aplications and Categories" with search of malware. No enty found. With serach "microsoft" I found two entries:

• Microsoft, Cloud
• Microsoft365, Collaborative

[MatteoBiscosi]

Hi @pctsa could you please update and let me know what the alert description shows?

[pctsa]

Hi Matteo, I have loaded the new software (ntopng version/revision: 6.7.251125) and only the "Description" of the alarms has changed.