Users are receiving "New Sign On Notifications" which show the incorrect browser and Operating System (OS), confusing users into thinking they have been breached. Most users use Chrome with Windows 10, but Internet Explorer 11 (IE11) with Windows 8 is being incorrectly shown in the notification.
The following user-agent string was seen in the logs:
PAN GlobalProtect/6.0.3-38 (Microsoft Windows 10 Pro , 64-bit) Mozilla/5.0 (Windows NT 6.2; Win64; x64; Trident/7.0; rv:11.0) like Gecko
-
New Sign-On Notifications
-
User-Agent HTTP header
The UserAgent information is sent from a client device, such as a desktop or mobile device. When the request is sent, it includes a User-Agent HTTP header with information such as the Operating System and Browser that the device is using. Okta does not control the contents of the header and simply logs the information in the syslog event for the request.
This appears to be a GlobalProtect configuration issue.
