This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
robertp
Contributor
‎2025-06-12 03:30 AM

Anti-Bot/Anti-Virus logs not readable

Hey,

I deployed Anti-Virus and Anti-Bot for a customer, for now without HTTPS inspection and just in detect mode for testing. The customer is expecting some log reports showing what's going on, but all my logs look as on the attached screenshots. I opened a TAC case but they just told me that my config is correct and they have no idea, but I need to test a few URL's and provide the timestamps for this testing. Getting the customer to do these tests is not easy so I thought I'll ask in the meanwhile here, maybe someone had a similar issue?

Result is the same whether I use SmartConsole or SmartView. Doesn't show anything more in the Corelated events report either.

IPS logs look fine, it's just the anti-bot/virus blades acting up.

Labels
Preview file
151 KB
0 Kudos
9 Replies
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-06-12 06:17 AM

Which version & JHF is this system, have you tried CheckME as a method of generating relevant logs for review?

Presume the gateway also has visibility of the DNS traffic?

CCSM R77/R80/ELITE
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-06-12 06:42 AM

I just get below, its in R81.20 jumbo 103

Andy

Best,
Andy
"Have a great day and if its not, change it"
Preview file
74 KB
0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-06-12 07:05 AM
In response to the_rock

In a lab environment with minimal traffic the control logs will stand out, not sure it's relevant to the original post.

CCSM R77/R80/ELITE
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-06-12 07:08 AM
In response to Chris_Atkinson

Thats true, though I did lots of AV tests in that lab.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-06-12 07:27 AM
In response to Chris_Atkinson

I will try disable blade later, install policy, re-enable, push policy again and test...want to see if it makes any difference.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-06-12 07:49 AM

Hey @robertp 

I just tested process I mentioned to Chris and it does appear it made the difference, but will give it more time to confirm. Not sure if it would work in your case, but maybe worth trying, as long as there no too many references that would require to be removed prior to disabling the blade.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-06-13 10:07 AM

For what its worth, I did same test in R82 jumbo 19 (latest one), but no difference.

Did you open TAC ticket for this?

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos
robertp
Contributor
‎2025-06-17 06:33 AM
In response to the_rock

Hi, I did, but due to the fact I couldn't get the customer to do the test required by TAC (that's a long story..) they closed the ticket. Trying to figure it out on my own for now until I get a testing VM in the customer environment. 

I did the exact same config for another customer and that works fine. The only difference is, that this one has a SmartEvent server, and I'm thinking if it's not the issue here.

0 Kudos
the_rock
MVP Diamond
MVP Diamond
‎2025-06-17 10:55 AM
In response to robertp

Hm..not sure if smart even would make any difference, as I tested with dedicated smart event in R81.20 lab. In R82 lab, its integrated into standalone lab.

Andy

Best,
Andy
"Have a great day and if its not, change it"
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events