
Security Logs

Hello, I have recently had some doubts about some security logs in a 790 firewall, such as the following three examples:

[Attached screenshots: checkpoint_790_2021-09-14_21-58-42.jpg, checkpoint_790_2021-09-14_21-59-05.jpg, checkpoint_790_2021-09-14_22-04-13.jpg]

Both the source and the destination are servers on the same network segment, for example 180.80.0.0/24. The three events shown are sourced by the same server (180.80.0.10) but at two destinations (180.80.0.13, 180.80.0.14). This leads me to think that the 180.80.0.10 server has malware, but it has Harmony Endpoint installed; I have verified it and everything seems to be fine.

But the alerts keep coming constantly. What can I do in this case?

While on the other console of the 790, it tells me that it is infected.

[Attached screenshot: checkpoint_790_2021-09-14_22-23-26.jpg]


Accepted Solutions
G_W_Albrecht (Legend)

I would assume a false positive as the traffic is local, not to a C&C server...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

2 Replies
PhoneBoy (Admin)

Could very well be false positives.
Packet captures and a TAC case are definitely in order.

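A small triage script for the pattern in the question, added here as an example (it is not code from the thread or from Check Point): it parses constructed key=value events, labels each one by direction against the 180.80.0.0/24 segment, and counts per source, so intra-segment hits (local peers, the false-positive candidates Albrecht describes) stand apart from outbound hits that would justify the packet captures and TAC case PhoneBoy recommends. The log layout, the field names and the fourth outbound event are assumptions, not real 790 output.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample events in a simplified key=value form (assumed layout).
# The first three mirror the thread (one source, two local destinations);
# the fourth is an assumed outbound hit added to show the contrast.
SAMPLE_LOGS = """\
time=2021-09-14 21:58:42 src=180.80.0.10 dst=180.80.0.13 blade=Anti-Bot action=Detect
time=2021-09-14 21:59:05 src=180.80.0.10 dst=180.80.0.14 blade=Anti-Bot action=Detect
time=2021-09-14 22:04:13 src=180.80.0.10 dst=180.80.0.13 blade=Anti-Bot action=Detect
time=2021-09-14 22:10:00 src=180.80.0.10 dst=203.0.113.7 blade=Anti-Bot action=Prevent
"""

# Assumption: the protected server segment named in the question.
INTERNAL_NETS = [ipaddress.ip_network("180.80.0.0/24")]

# key=value pairs; a value runs until the next " key=" so timestamps keep their space.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_line(line):
    """Split one key=value log line into a dict."""
    return {k: v for k, v in FIELD_RE.findall(line.strip())}


def classify(event, internal_nets):
    """Label an event's direction relative to the internal segment(s)."""
    src = ipaddress.ip_address(event["src"])
    dst = ipaddress.ip_address(event["dst"])
    src_in = any(src in n for n in internal_nets)
    dst_in = any(dst in n for n in internal_nets)
    if src_in and dst_in:
        return "intra-segment"  # local peer, not a C&C destination: FP candidate
    if src_in:
        return "outbound"       # internal host talking out: capture and escalate
    if dst_in:
        return "inbound"
    return "transit"


def summarize(log_text, internal_nets):
    """Per-source counts by direction plus the set of destinations seen."""
    summary = defaultdict(lambda: {"counts": Counter(), "dsts": set()})
    for line in log_text.splitlines():
        ev = parse_line(line)
        scope = classify(ev, internal_nets)
        summary[ev["src"]]["counts"][scope] += 1
        summary[ev["src"]]["dsts"].add(ev["dst"])
    return dict(summary)
```

Run `summarize(SAMPLE_LOGS, INTERNAL_NETS)` over exported logs in the same shape to see, per source, how many hits stayed inside the segment versus left it.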
