https://community.checkpoint.com/t5/Endpoint/Manage-goto-meeting-webex-downloads/m-p/23455#M3597 <HTML><HEAD></HEAD><BODY><P>Hi.</P><P></P><P>How do you manage the different meeting systems download apps?</P><P>Sndblast keep alerting in logs as detected but with Severity=Low and Confidence Level=N/A</P><P></P><P>SandBlast Agent Threat Emulation has detected access to: C:\Users\USERNAME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXUF8VS0\<STRONG>G2MCoreInstExtractor[1].exe</STRONG>. See attached report</P><P></P><P>I am thinking of changing the "Blade Activition" policy setting for the Anti-Bot agent to ignore Confidence Level=Low. Today it is detect on Low and prevent on High and Medium.</P><P>Is a change like that safe, or is it better to keep it as is an filter the events, logs and reports?</P></BODY></HTML> Fri, 11 May 2018 13:57:12 GMT Mikael_Bygren 2018-05-11T13:57:12Z https://community.checkpoint.com/t5/Endpoint/Manage-goto-meeting-webex-downloads/m-p/23455#M3597 <HTML><HEAD></HEAD><BODY><P>Hi.</P><P></P><P>How do you manage the different meeting systems download apps?</P><P>Sndblast keep alerting in logs as detected but with Severity=Low and Confidence Level=N/A</P><P></P><P>SandBlast Agent Threat Emulation has detected access to: C:\Users\USERNAME\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XXUF8VS0\<STRONG>G2MCoreInstExtractor[1].exe</STRONG>. See attached report</P><P></P><P>I am thinking of changing the "Blade Activition" policy setting for the Anti-Bot agent to ignore Confidence Level=Low. Today it is detect on Low and prevent on High and Medium.</P><P>Is a change like that safe, or is it better to keep it as is an filter the events, logs and reports?</P></BODY></HTML> Fri, 11 May 2018 13:57:12 GMT https://community.checkpoint.com/t5/Endpoint/Manage-goto-meeting-webex-downloads/m-p/23455#M3597 Mikael_Bygren 2018-05-11T13:57:12Z https://community.checkpoint.com/t5/Endpoint/Manage-goto-meeting-webex-downloads/m-p/23456#M3598 <HTML><HEAD></HEAD><BODY><P>I would keep it as a filter versus not logging Low Confidence triggers.</P><P>Low Confidence events could lead to higher confidence ones later on.&nbsp;</P></BODY></HTML> Fri, 11 May 2018 15:36:48 GMT https://community.checkpoint.com/t5/Endpoint/Manage-goto-meeting-webex-downloads/m-p/23456#M3598 PhoneBoy 2018-05-11T15:36:48Z