We use multiple Check Point gateways ... at times we try to decode the log entries.
We had recent log entries which stated that a server used network communication on port 1027 (ICKiller).
A Windows Trojan!! https://threatwiki.checkpoint.com/threatwiki/public.htm
Now, research on the server using an antivirus tool could not find any suspected infection.
According to Check Point, the security gateways detect suspicious communication based on a signature inside the packet. Is that the case even when the Antivirus Blade is not active? Is the default Intrusion Detection System able to accurately identify threats?