https://community.checkpoint.com/t5/Endpoint/E86-70-and-Newer-amp-Threat-Hunting/m-p/165573#M6351 <P>R&amp;D is investigating, this is not only your isolated issues. We will update you once we have more information.</P> Mon, 19 Dec 2022 12:37:35 GMT _Val_ 2022-12-19T12:37:35Z https://community.checkpoint.com/t5/Endpoint/E86-70-and-Newer-amp-Threat-Hunting/m-p/165410#M6350 <P>Hello CheckMates,</P><P>We've been fairly actively testing versions E86.70 &amp; Newer due to their added support for 22H2 (albeit still EA).<BR />We had recently noticed an issue relating to Threat Hunting; we only have records for "Detection Event" and "Network" sensor categories and even in those departments, the numbers are significantly lower than what we'd typically see in prior versions.<BR /><BR />And this is consistent among ~300 installations of these newer clients.</P><P>Within our statistics pool, E86.60 still appears to function as expected in regards to Threat Hunting delivery. A check was also performed with "checkconnectivity.exe" and on E86.80, which is our largest sample size, the 3 URLs associated with Threat Hunting Upload all appear to fail.<BR /><BR />We've upgraded a handful of clients to E87.00 and the connectivity check now appears to succeed, but we're still not receiving events to TH, though the sample size here is still fairly small.</P><P>Is anyone else experiencing this?&nbsp;</P> Fri, 16 Dec 2022 13:01:46 GMT https://community.checkpoint.com/t5/Endpoint/E86-70-and-Newer-amp-Threat-Hunting/m-p/165410#M6350 Swiftyyyy 2022-12-16T13:01:46Z https://community.checkpoint.com/t5/Endpoint/E86-70-and-Newer-amp-Threat-Hunting/m-p/165573#M6351 <P>R&amp;D is investigating, this is not only your isolated issues. We will update you once we have more information.</P> Mon, 19 Dec 2022 12:37:35 GMT https://community.checkpoint.com/t5/Endpoint/E86-70-and-Newer-amp-Threat-Hunting/m-p/165573#M6351 _Val_ 2022-12-19T12:37:35Z https://community.checkpoint.com/t5/Endpoint/E86-70-and-Newer-amp-Threat-Hunting/m-p/165635#M6355 <P>Looks to have been corrected.<BR />I opened a case with TAC yesterday, today I wanted to collect a set of logs for them &amp; noticed things are working again.<BR />So I'm confirming that E86.70, E86.80 as well as E87.00 in the sample sizes we have appear to be forwarding TH events again.</P> Tue, 20 Dec 2022 08:21:08 GMT https://community.checkpoint.com/t5/Endpoint/E86-70-and-Newer-amp-Threat-Hunting/m-p/165635#M6355 Swiftyyyy 2022-12-20T08:21:08Z https://community.checkpoint.com/t5/Endpoint/E86-70-and-Newer-amp-Threat-Hunting/m-p/165653#M6357 <P>Thanks for letting us know.&nbsp;</P> Tue, 20 Dec 2022 09:49:43 GMT https://community.checkpoint.com/t5/Endpoint/E86-70-and-Newer-amp-Threat-Hunting/m-p/165653#M6357 _Val_ 2022-12-20T09:49:43Z https://community.checkpoint.com/t5/Endpoint/E86-70-and-Newer-amp-Threat-Hunting/m-p/165657#M6358 <P>Hi,</P> <P>Following your feedback and others we have investigated the behavior and made a change in the backend side to resolve the issue.</P> <P>I am happy to hear you are getting the expected data correctly.</P> <P>&nbsp;</P> <P>Have a nice day</P> <P>Shiran&nbsp;</P> Tue, 20 Dec 2022 11:23:23 GMT https://community.checkpoint.com/t5/Endpoint/E86-70-and-Newer-amp-Threat-Hunting/m-p/165657#M6358 Shiran_Gold 2022-12-20T11:23:23Z