misj2
Explorer

Remediation Steps

I am new to Check Point Harmony Endpoint and would like some guidance as to what the normal process is for companies when we encounter endpoint clients being flagged for malicious activity, with files quarantined by Check Point, under the cyber security endpoint reporting for malware and anti-bot as active or blocked? At the moment our only step is to remove devices from the network and re-image if they are infected.

Does Check Point have any remediation tools or techniques to assist with confirming whether they are false positives or genuinely infected?

2 Replies
PhoneBoy
Admin

It depends on the type/severity of the incident as well as what's normal/expected in your environment.

There are some general hints for dealing with these situations (not specific to Check Point) here: https://community.checkpoint.com/t5/Incident-Response/No-Suits-No-Ties-MDR-and-Incident-Response-Goi... 

misj2
Explorer

One example of an alert includes the following, captured by protection CeptBiro.TC.b726jHEV; a few files were quarantined. How do I confirm whether it's a false positive or genuine malicious activity?

URL : http://polyfill.io:443

Original Source URL : https://builtwith.com/aquila-capital.de

{"Nombre de protección":"CeptBiro.TC.b726jHEV","Medida adoptada":"Evitado","URL":http://polyfill.io:443,"Nombre del proceso":"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe","Identificador del proceso":"17248","Nombre del usuario":"PAZR1","Identificador del proceso principal":"0","Fecha y hora de primera infección":"14 de oct. de 2024 14:58","Fecha y hora de última infección":"14 de oct. de 2024 14:58"}

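As an added example (not from this thread and not Check Point's own tooling), the Python below normalizes the Harmony Endpoint record pasted above into the few facts a first-pass triage needs: which protection fired, whether the action was prevented, which process initiated it, which remote host was involved and whether it was a one-off. The Spanish-label-to-English field mapping, the browser process list and the treatment of "Evitado" as a blocked action are assumptions; the parser also tolerates the unquoted URL value visible in the paste.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed copy of the record pasted in the thread. Note that the "URL"
# value is not quoted in the paste, so it is not valid JSON as-is.
RAW_ALERT = (
    '{"Nombre de protección":"CeptBiro.TC.b726jHEV","Medida adoptada":"Evitado",'
    '"URL":http://polyfill.io:443,'
    r'"Nombre del proceso":"C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe",'
    '"Identificador del proceso":"17248","Nombre del usuario":"PAZR1",'
    '"Identificador del proceso principal":"0",'
    '"Fecha y hora de primera infección":"14 de oct. de 2024 14:58",'
    '"Fecha y hora de última infección":"14 de oct. de 2024 14:58"}'
)

# Assumed mapping from the Spanish UI labels to stable English field names.
FIELD_MAP = {
    "Nombre de protección": "protection",
    "Medida adoptada": "action",
    "URL": "url",
    "Nombre del proceso": "process",
    "Identificador del proceso": "pid",
    "Nombre del usuario": "user",
    "Identificador del proceso principal": "parent_pid",
    "Fecha y hora de primera infección": "first_seen",
    "Fecha y hora de última infección": "last_seen",
}
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}  # assumed list

def repair_json(raw: str) -> str:
    """Quote a bare URL value ("URL":http://...) so the record parses; no-op if quoted."""
    return re.sub(r'("URL"\s*:\s*)([^",}]+)', r'\1"\2"', raw)

def parse_alert(raw: str) -> dict:
    """Parse one pasted record and rename its fields to the English names above."""
    data = json.loads(repair_json(raw))
    return {FIELD_MAP.get(k, k): v for k, v in data.items()}

def triage(alert: dict) -> dict:
    """Derive the facts a first-pass triage needs from one normalized record."""
    proc = alert["process"].replace("\\", "/").rsplit("/", 1)[-1].lower()
    return {
        "protection": alert["protection"],
        "blocked": alert["action"] in ("Evitado", "Prevented", "Blocked"),
        "process": proc,
        "browser_initiated": proc in BROWSERS,
        "remote_host": urlsplit(alert["url"]).hostname or "",
        "user": alert["user"],
        "single_event": alert["first_seen"] == alert["last_seen"],
    }

if __name__ == "__main__":
    for key, value in triage(parse_alert(RAW_ALERT)).items():
        print(f"{key:18} {value}")
```

A record whose initiating process is a browser and whose action was prevented points at a blocked web fetch rather than a binary that ran on disk, which changes which artifacts (browser cache and history versus persistence and running processes) are worth checking before deciding to re-image.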
