This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kevin_T600
Contributor
‎2018-12-19 01:07 PM
Jump to solution

Anti-bot events today 12-19

Anyone else running into a bunch of anti-bot detection events today? All of a sudden we have 80+ clients logging anti-bot detection events. Services flagged are svchost/chrome/IE. 

Most are tagged as Phising_website.bynzq

Trying to work with support, but they seem overwhelmed and don't have anyone available. 

Curious if anyone else has seen these today. 

1 Solution

Accepted Solutions
Kevin_T600
Contributor
‎2018-12-20 04:07 AM
Jump to solution

Turns out it was indeed a false positive, that impacts all version of the clients. Will be fixed in version 80.90 I guess. The fix I was given was to update all the clients to that version whenever it come out. 

Apparently R&D found out about it yesterday afternoon, sadly that didn't get shared with support or Incident Response until overnight. 

View solution in original post

0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2018-12-19 04:58 PM
Jump to solution

Can you send me the TAC case you opened in a PM?

0 Kudos
Kevin_T600
Contributor
‎2018-12-19 05:41 PM
In response to PhoneBoy
Jump to solution

sent a message:

As an update, it appears all of the events are trying to go to the same destination:

  ord30s26-in-f238.1e100.net    (216.58.192.238)

That appears to be a google hosted site, and virus total has it checked as clean. Not sure why Endpoint is flagging that activity, looks like a false positive, but trying to verify that.

0 Kudos
PhoneBoy
Admin
Admin
‎2018-12-19 09:19 PM
In response to Kevin_T600
Jump to solution

Can you post a screenshot of the blocks you're seeing?

0 Kudos
Kevin_T600
Contributor
‎2018-12-20 04:07 AM
Jump to solution

Turns out it was indeed a false positive, that impacts all version of the clients. Will be fixed in version 80.90 I guess. The fix I was given was to update all the clients to that version whenever it come out. 

Apparently R&D found out about it yesterday afternoon, sadly that didn't get shared with support or Incident Response until overnight. 

0 Kudos
PhoneBoy
Admin
Admin
‎2018-12-20 09:55 AM
In response to Kevin_T600
Jump to solution

I was told the same thing through my contacts.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events