Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
LuisSP
Collaborator

Is this site at wrong categorization?

Greetings checkmates. I have following question: firewall notified me about high risk activity of BOT on LAN, by detecting DNS query to resolve site nativesubscribe.pro,  however checkpoint's  url categorization indicate that site mentioned before  is belong to general category uniquely.

Why this difference?

 

Security Alert--nativesubscribe.pro.JPG

 

 

 

 

 

 

 

 

 

 

 

Security Alert--nativesubscribe.pro2.JPG

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

The site that you're looking at is only showing you the categorization according to URL Filtering, not according to the Threat Prevention blades.
When I tried accessing that site earlier from behind my own Check Point gateway, I did not get blocked by Anti-Bot.
Likewise, nothing responds at that IP currently.
0 Kudos
Vladimir
Champion
Champion

This actually gives me an idea: can we get a tool built into SmartConsole that will allow us to either paste the URLs, or invoke their access directly from the logs and run them through Check Point's hosted services to determine if any of the blades block it outside our environments. Brief report describing reason for blocking access will be helpful.

This should speed-up troubleshooting and provide sanity checks.

0 Kudos
PhoneBoy
Admin
Admin

That's what I use my own firewalls for 😁
But I see where that could be valuable.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events