https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15778#M13553 <HTML><HEAD></HEAD><BODY><P>Did the end user in question actually receive the document?</P></BODY></HTML> Fri, 16 Nov 2018 19:40:32 GMT PhoneBoy 2018-11-16T19:40:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15773#M13548 <HTML><HEAD></HEAD><BODY><P>Hello. I need some help with Threat Emulation. Our customer have a couple of incidents with virus prevention.</P><P>A virus file can pass check point with detect in logs:</P><P><IMG class="jive-image image-4" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74563_pastedImage_1.png" /></P><P>Matched Rules:</P><P><IMG class="image-5 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74564_pastedImage_2.png" /></P><P>Rules:</P><P><IMG class="image-6 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74565_pastedImage_3.png" /></P><P>Severity - Critical, Confidence Level - High. Threat Prevention profile:</P><P><IMG __jive_id="74159" class="image-2 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74159_pastedImage_2.png" /></P><P><IMG class="image-7 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74566_pastedImage_4.png" /></P><P><IMG class="jive-image image-8" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74567_pastedImage_5.png" /></P><P>At the same time if we open summury report we see Prevent:</P><P><IMG class="image-9 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/74568_pastedImage_6.png" /></P><P>What is wrong? Antivirus does not blok this file too.</P></BODY></HTML> Tue, 13 Nov 2018 07:45:12 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15773#M13548 Evgeniy_Olkov 2018-11-13T07:45:12Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15774#M13549 <HTML><HEAD></HEAD><BODY><P>Just with a quick glance - Threat prevention profile shows "Standard" and next screenshot profile name is different</P></BODY></HTML> Tue, 13 Nov 2018 07:55:03 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15774#M13549 Kaspars_Zibarts 2018-11-13T07:55:03Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15775#M13550 <HTML><HEAD></HEAD><BODY><P>Sorry for that, it's just an example. I have not an original screenshots (just for now).&nbsp;</P></BODY></HTML> Tue, 13 Nov 2018 07:58:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15775#M13550 Evgeniy_Olkov 2018-11-13T07:58:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15776#M13551 <HTML><HEAD></HEAD><BODY><P>It's all in the details. Actual screenshots showing your real sypmtoms will allow us to help you. Please replace the examples above with your real screenshots.</P></BODY></HTML> Tue, 13 Nov 2018 10:15:47 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15776#M13551 Danny 2018-11-13T10:15:47Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15777#M13552 <HTML><HEAD></HEAD><BODY><P>I have updated screenshots</P></BODY></HTML> Thu, 15 Nov 2018 07:49:33 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15777#M13552 Evgeniy_Olkov 2018-11-15T07:49:33Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15778#M13553 <HTML><HEAD></HEAD><BODY><P>Did the end user in question actually receive the document?</P></BODY></HTML> Fri, 16 Nov 2018 19:40:32 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15778#M13553 PhoneBoy 2018-11-16T19:40:32Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15779#M13554 <HTML><HEAD></HEAD><BODY><P>Yes. Local antivirus detect it in received email.</P><P>Actually I have noticed that our other customer has the same problem.&nbsp;</P></BODY></HTML> Sat, 17 Nov 2018 08:32:22 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15779#M13554 Evgeniy_Olkov 2018-11-17T08:32:22Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15780#M13555 <HTML><HEAD></HEAD><BODY><P>I could see the Forensics piece saying prevent if AV ultimately caught it (even if TE didn’t).</P><P>A TAC case is probably warranted here.</P></BODY></HTML> Sat, 17 Nov 2018 16:02:24 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15780#M13555 PhoneBoy 2018-11-17T16:02:24Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15781#M13556 <HTML><HEAD></HEAD><BODY><P>Yes, I have created TAC case. They are going to organize remote session. I'll share the answer after.</P></BODY></HTML> Mon, 19 Nov 2018 06:34:01 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Detect-in-Log-and-Prevent-in-Report-How-can-it-be/m-p/15781#M13556 Evgeniy_Olkov 2018-11-19T06:34:01Z