https://community.checkpoint.com/t5/General-Topics/URLs-of-Google-and-Microsoft-windowsupdate-com-and-gvt1-com/m-p/112220#M21127 <P>Hello team,</P><P>We are facing an issue with Threat Emulation which detected URLs belong to Google and Microsoft (windowsupdate.com and gvt1.com) that checkpoint classified it as&nbsp;malicious or threat. Why Checkpoint&nbsp;detect it as malicious or a threat? Please kindly help us to resolve this issue.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Threat Emulation - Microsoft URL" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/10720iF51CCE2062DB1A6B/image-size/medium?v=v2&amp;px=400" role="button" title="MicrosoftTeams-image.png" alt="Threat Emulation - Microsoft URL" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Threat Emulation - Microsoft URL</span></span></P><P>&nbsp;</P><P>Thanks in advance!</P><P>Ravoth</P> Tue, 02 Mar 2021 03:00:07 GMT Ravoth 2021-03-02T03:00:07Z https://community.checkpoint.com/t5/General-Topics/URLs-of-Google-and-Microsoft-windowsupdate-com-and-gvt1-com/m-p/112220#M21127 <P>Hello team,</P><P>We are facing an issue with Threat Emulation which detected URLs belong to Google and Microsoft (windowsupdate.com and gvt1.com) that checkpoint classified it as&nbsp;malicious or threat. Why Checkpoint&nbsp;detect it as malicious or a threat? Please kindly help us to resolve this issue.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Threat Emulation - Microsoft URL" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/10720iF51CCE2062DB1A6B/image-size/medium?v=v2&amp;px=400" role="button" title="MicrosoftTeams-image.png" alt="Threat Emulation - Microsoft URL" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Threat Emulation - Microsoft URL</span></span></P><P>&nbsp;</P><P>Thanks in advance!</P><P>Ravoth</P> Tue, 02 Mar 2021 03:00:07 GMT https://community.checkpoint.com/t5/General-Topics/URLs-of-Google-and-Microsoft-windowsupdate-com-and-gvt1-com/m-p/112220#M21127 Ravoth 2021-03-02T03:00:07Z https://community.checkpoint.com/t5/General-Topics/URLs-of-Google-and-Microsoft-windowsupdate-com-and-gvt1-com/m-p/112322#M21145 <P>In that log message, it says the file that was downloaded was a forbidden type.<BR />Has nothing to do with where it came from.<BR />You should be able to just the Threat Prevention profile accordingly to allow it or add an exception.<BR />Do you have other examples?</P> Tue, 02 Mar 2021 22:02:29 GMT https://community.checkpoint.com/t5/General-Topics/URLs-of-Google-and-Microsoft-windowsupdate-com-and-gvt1-com/m-p/112322#M21145 PhoneBoy 2021-03-02T22:02:29Z https://community.checkpoint.com/t5/General-Topics/URLs-of-Google-and-Microsoft-windowsupdate-com-and-gvt1-com/m-p/112332#M21146 <DIV>Dear <SPAN>PhoneBoy</SPAN>,<BR />First of all, we would like to know whether the domain/URL is belong to Microsoft and Google or not. If it really belongs to them why checkpoint detected it as malicious or threat or is it really malicious? Please advise us what we can do to not let checkpoint detected as malicious if it is the legit file. We have checked the domain on whois and X-force Exchange, it says belongs to Microsoft and Google.<BR /><BR />Thank you!<BR />This is an example of a Google update and Windows Update.</DIV><DIV><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Google Update - Redirected" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/10729i022937C63B9047EE/image-size/medium?v=v2&amp;px=400" role="button" title="Redirect.PNG" alt="Google Update - Redirected" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Google Update - Redirected</span></span></DIV><DIV><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Threat Emulation - Windows Updated" style="width: 400px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/10730i4439F363DC9AB557/image-size/medium?v=v2&amp;px=400" role="button" title="Threat Emulation.png" alt="Threat Emulation - Windows Updated" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Threat Emulation - Windows Updated</span></span></DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV><DIV>&nbsp;</DIV> Wed, 03 Mar 2021 03:01:43 GMT https://community.checkpoint.com/t5/General-Topics/URLs-of-Google-and-Microsoft-windowsupdate-com-and-gvt1-com/m-p/112332#M21146 Ravoth 2021-03-03T03:01:43Z https://community.checkpoint.com/t5/General-Topics/URLs-of-Google-and-Microsoft-windowsupdate-com-and-gvt1-com/m-p/112340#M21147 <P>I assume Google and Microsoft respectively own the domains because that's what their WHOIS records say.</P> <P>The Google update&nbsp;has nothing to do with where it came from, but your Threat Prevention profile, as I said with the previous example.<BR />You probably have a rule blocking .EXE files and that message is consistent with that.</P> <P>The Microsoft update is probably a false positive.<BR />You can work around it with an exception, but I recommend engaging with the TAC.</P> Wed, 03 Mar 2021 04:41:01 GMT https://community.checkpoint.com/t5/General-Topics/URLs-of-Google-and-Microsoft-windowsupdate-com-and-gvt1-com/m-p/112340#M21147 PhoneBoy 2021-03-03T04:41:01Z