chico
Nickel

SMTP Emulation

Hello everybody,
I'm new to Check Point devices and I have a question about SandBlast for SMTP.
Recently Check Point blocked an attachment in a customer document. It was a Word (.doc) document, and after looking at the logs I can see that the document was blocked with the protection name "Exploited doc document".

If I look at the forensic details I can see that the vulnerable operating systems were (as shown in the attached file):
-Win7
-WinXP

So if I use a Windows 10 operating system, can I download the document safely?

Regards,

4 Replies
Employee+

Re: SMTP Emulation

Hi chico,
Welcome!

No, usually when a file is malicious on one OS it is also malicious on others. The reason we use these images (XP & 7) is that they are the most common, and therefore attackers usually make their malware run on them. In the sandbox we want to entice the malware to run. But it doesn't mean that Windows 10 is secure against this file.
chico
Nickel

Re: SMTP Emulation

Hello,

Thank you for your answer.


Do you know how to create an alert by mail or syslog when a critical SMTP Emulation event arrives? I can't find anything about that in SmartEvent.

Regards,
Employee+

Re: SMTP Emulation

Are you able to create an SME reaction / e-mail alert on Threat Emulation events in general, and just don't know how to filter by Critical severity & SMTP?
chico
Nickel

Re: SMTP Emulation

Hi,

I'm able to create a reaction, but I don't know how to filter by critical severity and the SMTP protocol.

Regards,