https://community.checkpoint.com/t5/Spark-Firewall-SMB/PC-infected/m-p/33363#M1347 <HTML><HEAD></HEAD><BODY><P>the section security in monitoring indicates that there are two infected computers and 31 others that are probably infected. the antivirus is correctly activated but I do not understand why the posts could be infected?<BR />I ran kaspersky antivirus but nothing was detected. so then and protect the machines with CP?</P><P>what is the difference between prevent and detect in the blade control and how can delet infected information in .InfectedHostsLogs?</P><P>pictures:</P><P><IMG alt="" class="image-1 jive-image j-img-original" src="https://community.checkpoint.com/legacyfs/online/checkpoint/63411_infec1.PNG" style="width: 620px; height: 172px;" /></P><P><IMG alt="" class="image-2 jive-image j-img-original" src="https://community.checkpoint.com/legacyfs/online/checkpoint/63412_infec.PNG" style="width: 620px; height: 258px;" /></P></BODY></HTML> Fri, 02 Mar 2018 16:10:07 GMT junior_kakou 2018-03-02T16:10:07Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/PC-infected/m-p/33363#M1347 <HTML><HEAD></HEAD><BODY><P>the section security in monitoring indicates that there are two infected computers and 31 others that are probably infected. the antivirus is correctly activated but I do not understand why the posts could be infected?<BR />I ran kaspersky antivirus but nothing was detected. so then and protect the machines with CP?</P><P>what is the difference between prevent and detect in the blade control and how can delet infected information in .InfectedHostsLogs?</P><P>pictures:</P><P><IMG alt="" class="image-1 jive-image j-img-original" src="https://community.checkpoint.com/legacyfs/online/checkpoint/63411_infec1.PNG" style="width: 620px; height: 172px;" /></P><P><IMG alt="" class="image-2 jive-image j-img-original" src="https://community.checkpoint.com/legacyfs/online/checkpoint/63412_infec.PNG" style="width: 620px; height: 258px;" /></P></BODY></HTML> Fri, 02 Mar 2018 16:10:07 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/PC-infected/m-p/33363#M1347 junior_kakou 2018-03-02T16:10:07Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/PC-infected/m-p/33364#M1348 <HTML><HEAD></HEAD><BODY><P>As you've shown in the screenshot, it appears the machines in question accessed sites that are known to contain malware, which generally would only happen in one of two situations:</P><UL><LI>The PC has some malicious software loaded on it (e.g. because it was infected with malware)</LI><LI>It's a false positive</LI></UL><P>You'd have to look closer into the logs to find out what site they accessed.</P><P>There are certain Anti-Bot protections that can only be "detected" due to the small number of packets involved.</P></BODY></HTML> Sat, 03 Mar 2018 02:24:51 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/PC-infected/m-p/33364#M1348 PhoneBoy 2018-03-03T02:24:51Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/PC-infected/m-p/33365#M1349 <HTML><HEAD></HEAD><BODY><P>Prevents means a session has been broken off prematurely by the firewall.</P><P>Detect means it just saw something suspicious but it was not stopped by the firewall.</P><P></P><P>Botnet activity could just be a DNS query that point to a suspected host.&nbsp;</P><P></P><P>As a rule of thumb I find these overviews a bit confusing. Just get into the relevant logs and see what details you get there.</P></BODY></HTML> Mon, 05 Mar 2018 08:55:32 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/PC-infected/m-p/33365#M1349 Hugo_vd_Kooij 2018-03-05T08:55:32Z