https://community.checkpoint.com/t5/Endpoint/SandBlast-Agent-Anti-Bot-exception/m-p/27251#M3607 <HTML><HEAD></HEAD><BODY><P>Are there any official recommendations from Check Point on adding exceptions to the SBA Anti-Bot blade?<BR />For example, we have the Anti-Bot blade&nbsp;incident when the user accesses the UserCheck of Application Control blade. How to explain this behavior for customer?</P></BODY></HTML> Wed, 30 May 2018 13:26:56 GMT Olga_Kuts 2018-05-30T13:26:56Z https://community.checkpoint.com/t5/Endpoint/SandBlast-Agent-Anti-Bot-exception/m-p/27251#M3607 <HTML><HEAD></HEAD><BODY><P>Are there any official recommendations from Check Point on adding exceptions to the SBA Anti-Bot blade?<BR />For example, we have the Anti-Bot blade&nbsp;incident when the user accesses the UserCheck of Application Control blade. How to explain this behavior for customer?</P></BODY></HTML> Wed, 30 May 2018 13:26:56 GMT https://community.checkpoint.com/t5/Endpoint/SandBlast-Agent-Anti-Bot-exception/m-p/27251#M3607 Olga_Kuts 2018-05-30T13:26:56Z https://community.checkpoint.com/t5/Endpoint/SandBlast-Agent-Anti-Bot-exception/m-p/27252#M3608 <HTML><HEAD></HEAD><BODY><P>Not sure if there are any official recommendations, but you can exclude different types of things for Anti-Bot.&nbsp;&nbsp;If there is a specific process (such as a development application) that keeps triggering Anti-Bot because its trying to go out somewhere legitimately, you can try to exclude that process.&nbsp; We have some of our internal domains excluded for that reason.&nbsp;&nbsp;</P><P></P><P><IMG class="image-1 jive-image" src="https://community.checkpoint.com/legacyfs/online/checkpoint/66751_pastedImage_2.png" /></P></BODY></HTML> Tue, 26 Jun 2018 20:06:46 GMT https://community.checkpoint.com/t5/Endpoint/SandBlast-Agent-Anti-Bot-exception/m-p/27252#M3608 Steve_Lander 2018-06-26T20:06:46Z https://community.checkpoint.com/t5/Endpoint/SandBlast-Agent-Anti-Bot-exception/m-p/27253#M3609 <HTML><HEAD></HEAD><BODY><P style="direction: ltr;"><SPAN style="color: black;">Hi Olha,</SPAN></P><P style="direction: ltr;"><SPAN style="color: #000000;">&nbsp;</SPAN></P><P style="direction: ltr;"><SPAN style="color: #000000;">There are no recommendations for exceptions.</SPAN></P><P style="direction: ltr;">Analyzing your logs, a "Trojan.Win32.Ponmocup.I" bot was found by AntiBot.</P><P style="direction: ltr;"><SPAN style="color: #000000;">The URL used</SPAN><SPAN style="color: #000000;">&nbsp;is related to User check simple configuration in Smart dashboard which is configured by the user, hence may contain&nbsp;links which are recognized as malicious.</SPAN></P><P style="direction: ltr;"></P><P style="direction: ltr;">I suggest to replace it.</P><P style="direction: ltr;">A ticket can be opened to TAC team for additional assistance with this issue.</P><P style="direction: ltr;"><SPAN style="color: #000000;">&nbsp;</SPAN></P><P style="direction: ltr;">Regards,</P><P style="direction: ltr;">Doron Zuckerman</P></BODY></HTML> Mon, 02 Jul 2018 06:35:55 GMT https://community.checkpoint.com/t5/Endpoint/SandBlast-Agent-Anti-Bot-exception/m-p/27253#M3609 Doron_Zuckerman 2018-07-02T06:35:55Z