https://community.checkpoint.com/t5/Endpoint/Forensics-report-with-3rd-party-AV/m-p/25611#M3559 <HTML><HEAD></HEAD><BODY><P>The difference is: one is reading from the Windows Event Log, another is relying on being explicitly triggered by the external tool.</P><P>As was suggested in the SK, you may need to open a TAC case with the requested information for Troubleshooting.</P></BODY></HTML> Tue, 11 Sep 2018 13:30:59 GMT PhoneBoy 2018-09-11T13:30:59Z https://community.checkpoint.com/t5/Endpoint/Forensics-report-with-3rd-party-AV/m-p/25608#M3556 <HTML><HEAD></HEAD><BODY><P>Can you please direct to a step by step guide on how to configure the Forensics report with 3rd party AV?</P><P></P><P>I have reviewed the&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk105122" title="https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.SearchResultMainAction&amp;eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk105122">How to configure Forensics blade to analyze an incident that was detected by external system</A>&nbsp;</P><P></P><P>but is a bit confusing.&nbsp;</P><P></P><P>Thanks,</P><P></P><P>Charris Lappas</P></BODY></HTML> Mon, 10 Sep 2018 17:37:11 GMT https://community.checkpoint.com/t5/Endpoint/Forensics-report-with-3rd-party-AV/m-p/25608#M3556 Charris_Lappas 2018-09-10T17:37:11Z https://community.checkpoint.com/t5/Endpoint/Forensics-report-with-3rd-party-AV/m-p/25609#M3557 <HTML><HEAD></HEAD><BODY><P>The SK you linked is the tool that would be run to kick off a forensics report, with a few different methods for kicking it off.</P><P>As each third party AV is different, the exact instructions&nbsp;will depend on the third party AV in question.</P><P>The SK mentions Symantec specifically, there is another SK for Trend:&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk112436" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk112436">Setting up Sandblast Agent (SBA) Forensics Analysis trigger from Trend Micro Control Manager</A>&nbsp;</P></BODY></HTML> Mon, 10 Sep 2018 22:10:07 GMT https://community.checkpoint.com/t5/Endpoint/Forensics-report-with-3rd-party-AV/m-p/25609#M3557 PhoneBoy 2018-09-10T22:10:07Z https://community.checkpoint.com/t5/Endpoint/Forensics-report-with-3rd-party-AV/m-p/25610#M3558 <HTML><HEAD></HEAD><BODY><P>Looking it further there is another SK&nbsp;<A class="link-titled" href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk116024&amp;partition=General&amp;product=SandBlast" title="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk116024&amp;partition=General&amp;product=SandBlast">SandBlast Agent Integration with Third Party Anti-Virus Vendors</A>&nbsp; so what is the difference between the two. I have followed this SK but the forensics reports are not generated.&nbsp;</P></BODY></HTML> Tue, 11 Sep 2018 09:46:09 GMT https://community.checkpoint.com/t5/Endpoint/Forensics-report-with-3rd-party-AV/m-p/25610#M3558 Charris_Lappas 2018-09-11T09:46:09Z https://community.checkpoint.com/t5/Endpoint/Forensics-report-with-3rd-party-AV/m-p/25611#M3559 <HTML><HEAD></HEAD><BODY><P>The difference is: one is reading from the Windows Event Log, another is relying on being explicitly triggered by the external tool.</P><P>As was suggested in the SK, you may need to open a TAC case with the requested information for Troubleshooting.</P></BODY></HTML> Tue, 11 Sep 2018 13:30:59 GMT https://community.checkpoint.com/t5/Endpoint/Forensics-report-with-3rd-party-AV/m-p/25611#M3559 PhoneBoy 2018-09-11T13:30:59Z