62742738
Participant

Zero Phishing is set to Prevent mode but Detect in logs

Hi everyone!

Can someone please help me? I'm just wondering why, in the logs, the action for the Zero Phishing blade is Detect, but upon checking the policy, it is set to Prevent mode. See attached screenshots.

[Screenshots: Logs Detect.png, Policy Prevent.png]

Why is it different? It should be Prevent in the logs as well, right? Has anyone of you experienced this, or am I missing out on something? Kind of a newbie in HEP 😄

0 Kudos
8 Replies
AdiGH
Employee

Hey,

Are all your rules set to prevent for zero phishing and password reuse? 

When you start with HEP, the default policy is set to Detect. Is it possible that one of the rules is still in Detect mode?

0 Kudos
62742738
Participant

Yes, it is all in prevent mode. Even the default one is changed to Prevent mode.

0 Kudos
the_rock
Legend

I would do a quick remote with TAC; I'm sure something rudimentary is missing.

Best,

Andy

0 Kudos
lluner
Contributor

Hi,

I checked that my policy is set to Prevent, and it shows Detect for sites with HTTP.

 

phishing2.png

phishing3.png

All these alerts are HTTP related.

 

phishing4.png

All policies are in Prevent mode.

0 Kudos
Chris_Atkinson
Employee

Any exclusions configured?

CCSM R77/R80/ELITE
0 Kudos
lluner
Contributor

Hi, Chris

For these sites, no.

 

0 Kudos
andreyta
Employee

Hello,

Those are Detect events for sites that were scanned by Zero Phishing. The extension did not recognize them as phishing (which means that the login to them was not prevented), but they were detected to be suspicious because they are HTTP sites with a login page.

0 Kudos
lluner
Contributor

Thanks, @andreyta

0 Kudos
