ChoiYunSoo
Contributor

I want to know the known Reputation information of Anti-Virus and how to handle exceptions

Hi

 

I am checking the Check Point sandboxing feature.

While checking Reputation, signature, etc., I had a question about logs and exceptions.

 

1. If you check the Anti-Virus signature information in SmartConsole, more than 30 million cases are confirmed.

However, when trying to apply it in an exception rule, only up to 100,000 signatures can be retrieved.

Does anyone know how to make an exception rule for signature information that is not retrieved?

(It is actually being blocked by the firewall, but the signature is not looked up.)

2. If I use the add-exception function after checking the signature name in the Anti-Virus log, the attached file, not the signature, will be treated as an exception.

I'm confused about whether the hash value of the signature identified in the log is correctly handled as an exception, or whether the exception is handled by other logic.

 

PhoneBoy
Admin

Some of the signatures are transient in nature, meaning they only exist for a short period of time before they are either removed as a false positive or rolled into another signature.
Best to consult with the TAC on this issue.

Exceptions…it depends on the precise rule you’ve created in your Threat Prevention policy.
