Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
CheckPointerXL
Advisor
Advisor

Anti-Virus and Anti-Bot: time to discuss some strange behavoir

Hi all,

time to tune some TP Profile, so i'm going deep into some any-any rule to tune it.

I found some strange logs that i wanna discuss with you:

1)

 
 

image.png

 

2)

 

image.png

 

 

 

 

 

 

 

 

1) Anti-bot is a know post-infection security feature; i assume that only traffic from internal to external is relevant for this blade.... so, can you help me why anti-bot is triggered for traffic with source internet and destination FW external interface?

 

2) Anti-virus: it seems that the blade is saying "hey, internet IP is tryng to reach you, but you are a site known to contain malware"... Am i wrong?

 

thank you!

0 Kudos
1 Reply
_Val_
Admin
Admin

1. No, Anti-Bot also helps with prevention. In this specific case, it blocked an apparent scan from Shodan.

2. The second log interpretation is correct, it flagged a malicious site connection attempt.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events