Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
sjchris87
Explorer

Threat Hunting Seeing Files that are no longer there.

Has anyone else seen this?

I have a user who had malicious files saved on his share drive. CheckPoint Threat Hunting saw the files via the mapped path, so it couldn't actually quarantine the file. I had a system admin so into the file share and remove the files. Had the user reboot. It stopped reporting for a while.

It started reporting again, but the sys admin said the files were still gone.

Any insight?

0 Kudos
1 Reply
PhoneBoy
Admin
Admin

I recommend engaging with the TAC here to see what's going on.

0 Kudos