Pan123
Explorer

Reasons for classification of confidence level of Anti-Virus blade and IPS blade under our firewall

Hi experts,

I need some documents about the reasons for classification of confidence level of Anti-Virus blade and IPS blade under our firewall threat prevention policy.

I have read sk116254 but most of the information is about reasons for classification of security levels.

To better understand what I need, I've made a list of three tiers of questions, with the answer to the third question being what I want to know.


For example, if a file passes through the firewall with low severity and low confidence, I want to know:
1. How this file is diagnosed as low severity.
2. How this file is diagnosed as low confidence.
3. How does Check Point determine that this file produces false positive events with high/medium/low probability?

The SK only answers my first two questions. I need to know the third one. How is it judged? By experience? What is the basis of the analysis: experience, the chance of a previous misjudgement, or a certain pattern to analyze?


Look forward to your answer. Thanks in advance.

2 Replies
_Val_
Admin

Did you check the Threat Prevention guide already?

For example, quoting:

Confidence Level

Some attack types are less severe than others, and legitimate traffic may sometimes be mistakenly recognized as a threat. The confidence level value shows how well the specified protection can correctly recognize the specified attack.

The Confidence parameter can help you troubleshoot connectivity issues with the Security Gateway. If legitimate traffic is blocked by a protection, and the protection has a Confidence level of Low, you have a good indication that more granular configurations might be required on this protection.

PhoneBoy
Admin

To answer the specific question, "How does Check Point determine that this file produces false positive events with high/medium/low probability?": the answer is through testing and customer reports.
If you believe something is miscategorized, please bring appropriate evidence to the TAC.
