topic Access to infected resources before signature is created in Endpoint https://community.checkpoint.com/t5/Endpoint/Access-to-infected-resources-before-signature-is-created/m-p/199192#M7822 <P>Hello,</P><P>What is the proper way to manage&nbsp;infections occurring because no signature have yet been created and sandbox didn't block it?</P><P>In my sense, there should be a way to analyze previous access with newly created signatures and generate alerts</P><P>&nbsp;</P> Tue, 28 Nov 2023 18:56:21 GMT gander 2023-11-28T18:56:21Z Access to infected resources before signature is created https://community.checkpoint.com/t5/Endpoint/Access-to-infected-resources-before-signature-is-created/m-p/199192#M7822 <P>Hello,</P><P>What is the proper way to manage&nbsp;infections occurring because no signature have yet been created and sandbox didn't block it?</P><P>In my sense, there should be a way to analyze previous access with newly created signatures and generate alerts</P><P>&nbsp;</P> Tue, 28 Nov 2023 18:56:21 GMT https://community.checkpoint.com/t5/Endpoint/Access-to-infected-resources-before-signature-is-created/m-p/199192#M7822 gander 2023-11-28T18:56:21Z Re: Access to infected resources before signature is created https://community.checkpoint.com/t5/Endpoint/Access-to-infected-resources-before-signature-is-created/m-p/199211#M7823 <P>Signatures require traffic to match against, which you obviously won't have after the fact.<BR />The only thing you might have are IPs and URLs accessed, which could theoretically be "re-analyzed" after the fact.<BR />Our XDR offering includes some additional tools that may be useful in such situations:&nbsp;<A href="https://www.checkpoint.com/horizon/xdr-xpr/" target="_blank">https://www.checkpoint.com/horizon/xdr-xpr/</A>&nbsp;</P> Tue, 28 Nov 2023 23:47:47 GMT https://community.checkpoint.com/t5/Endpoint/Access-to-infected-resources-before-signature-is-created/m-p/199211#M7823 PhoneBoy 2023-11-28T23:47:47Z Re: Access to infected resources before signature is created https://community.checkpoint.com/t5/Endpoint/Access-to-infected-resources-before-signature-is-created/m-p/199213#M7824 <P>I see what Phoneboy is saying. I watched presentation Sales gave about XDR and it definitely could help here.</P> <P>Best regards,</P> <P>Andy</P> Wed, 29 Nov 2023 00:37:50 GMT https://community.checkpoint.com/t5/Endpoint/Access-to-infected-resources-before-signature-is-created/m-p/199213#M7824 the_rock 2023-11-29T00:37:50Z