64Bit
Contributor

Check Point blocked its own updater UID612340.pyc as Trojan

Our users are getting a notification that the Anti-Malware blade has blocked a Python script.


On investigation we found it's actually Check Point's own updater.

C:\ProgramData\CheckPoint\Endpoint Security\TPCommon\Updater\ATPS\Working\652743B2ED95EABB5DE5D88CDC51BF9E396216CD\cuckoo\protections\general\UID612340.pyc

Is there an actual issue with this script, or should we add a manual exclusion for this?


5 Replies
BrockCap
Explorer

Hi there 64Bit,

Our users also started getting this alert at just after 4pm today, Perth, Western Australia time. I have a case logged with CP support so I'd be happy to let you know the outcome of that if you like? We've never experienced this issue before so safe to say you shouldn't have to add an exclusion but will confirm.

I was glad to see your post because I wanted confirmation it wasn't just us.

Thanks

0 Kudos
_Val_
Admin

Please open a TAC case for this

0 Kudos
afoggia
Explorer

Hi, same issue in my organization, all in quarantine.

thanks

Antonio Foggia

0 Kudos
PhoneBoy
Admin

Looks like a false positive in the Anti-Malware signatures.
New signatures should be available in the next few hours that address this.

Joe_Matthews
Participant

Does anyone know if this file (UID612340.pyc) gets recreated or recompiled after the endpoint updates, or if this file is even needed for proper function of the endpoint? Since the file was deleted there is no way to restore it, but if it is not needed, do we even concern ourselves with it?

0 Kudos