
Anti-virus blade question...DNS phishing

I have inherited a Check Point 2200 Firewall and am now trying to learn as much as I can. Is this the correct forum to ask questions? If not, please point me to the correct one.

Today, I saw an entry in the logs for the Threat Prevention/Anti-Virus log that mentions detection of Phishing.djutth. I believe this is a DNS Malicious request (DNS Phishing) but was not able to find anything specific. My concern is that it shows as detected, not prevented. In addition, a small amount of traffic went out (177 KB). Can anyone educate me on this?

Thanks.


Re: Anti-virus blade question...DNS phishing

For this question, it's the correct space :)

Generally speaking, you can look up threats here: ThreatWiki | Check Point Software 

While I wasn't able to find this specific threat here, many of the phishing protections are considered "Low Confidence."

Depending on how you've configured your Threat Prevention policy, these protections may only trigger a Detect action versus a Prevent action.
