- Products
- Learn
- Local User Groups
- Partners
- More
CheckMates Fifth Birthday
Celebrate with Us!
days
hours
minutes
seconds
Join the CHECKMATES Everywhere Competition
Submit your picture to win!
Check Point Proactive support
Free trial available for 90 Days!
As YOU DESERVE THE BEST SECURITY
Upgrade to our latest GA Jumbo
The 2022 MITRE Engenuity ATT&CK®
Evaluations Results Are In!
Now Available: SmartAwareness Security Training
Training Built to Educate and Engage
MITRE ATT&CK
Inside Check Point products!
CheckFlix!
All Videos In One Space
Anyone else running into a bunch of anti-bot detection events today? All of a sudden we have 80+ clients logging anti-bot detection events. Services flagged are svchost/chrome/IE.
Most are tagged as Phising_website.bynzq
Trying to work with support, but they seem overwhelmed and don't have anyone available.
Curious if anyone else has seen these today.
Turns out it was indeed a false positive, that impacts all version of the clients. Will be fixed in version 80.90 I guess. The fix I was given was to update all the clients to that version whenever it come out.
Apparently R&D found out about it yesterday afternoon, sadly that didn't get shared with support or Incident Response until overnight.
Can you send me the TAC case you opened in a PM?
sent a message:
As an update, it appears all of the events are trying to go to the same destination:
ord30s26-in-f238.1e100.net (216.58.192.238)
That appears to be a google hosted site, and virus total has it checked as clean. Not sure why Endpoint is flagging that activity, looks like a false positive, but trying to verify that.
Can you post a screenshot of the blocks you're seeing?
Turns out it was indeed a false positive, that impacts all version of the clients. Will be fixed in version 80.90 I guess. The fix I was given was to update all the clients to that version whenever it come out.
Apparently R&D found out about it yesterday afternoon, sadly that didn't get shared with support or Incident Response until overnight.
I was told the same thing through my contacts.
About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY