chico
Contributor

SMTP Emulation

Hello everybody,
I'm new to Check Point devices and I have a question about SandBlast for SMTP.
Recently Check Point blocked an attachment in a customer document. It was a Word (.doc) document and after looking at the logs I can see that the document was blocked by the protection named "Exploited doc document".

If I look at the forensic details I can see that the vulnerable operating systems were (as shown in the attached file):
- Win7
- WinXP

So if I use a Windows 10 operating system, can I download the document safely?

Regards,

4 Replies
TP_Master
Employee

Hi chico,
Welcome!

No, usually when a file is malicious on one OS it is also malicious on others. The reason we use these images (XP & 7) is that they are the most common, and therefore attackers usually make their malware run on them. In the sandbox we want to entice the malware to run. But it doesn't mean that Windows 10 is secure against this file.
chico
Contributor

Hello,

Thank you for your answer.


Do you know how to create an alert by mail or syslog when a critical SMTP Emulation event arrives? I can't find anything about that in SmartEvent.


Regards,

TP_Master
Employee

Are you able to create an SME reaction / e-mail alert on Threat Emulation events in general, and just don't know how to filter by Critical severity & SMTP?
chico
Contributor

Hi,

I'm able to create a reaction but I don't know how to filter by critical severity and SMTP protocol.

Regards,